1. 23 Mar, 2013 1 commit
    • Kent Overstreet's avatar
      block: Convert some code to bio_for_each_segment_all() · cb34e057
      Kent Overstreet authored
      More prep work for immutable bvecs:
      
      A few places in the code were either open coding or using the wrong
      version - fix.
      
      After we introduce the bvec iter, it'll no longer be possible to modify
      the biovec through bio_for_each_segment_all() - it doesn't increment a
      pointer to the current bvec, you pass in a struct bio_vec (not a
      pointer) which is updated with what the current biovec would be (taking
      into account bi_bvec_done and bi_size).
      
      So because of that it's more worthwhile to be consistent about
      bio_for_each_segment()/bio_for_each_segment_all() usage.
      Signed-off-by: default avatarKent Overstreet <koverstreet@google.com>
      CC: Jens Axboe <axboe@kernel.dk>
      CC: NeilBrown <neilb@suse.de>
      CC: Alasdair Kergon <agk@redhat.com>
      CC: dm-devel@redhat.com
      CC: Alexander Viro <viro@zeniv.linux.org.uk>
      cb34e057
  2. 01 Mar, 2013 2 commits
    • Alasdair G Kergon's avatar
      dm: rename request variables to bios · 55a62eef
      Alasdair G Kergon authored
      Use 'bio' in the name of variables and functions that deal with
      bios rather than 'request' to avoid confusion with the normal
      block layer use of 'request'.
      
      No functional changes.
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      55a62eef
    • Mikulas Patocka's avatar
      dm: fix truncated status strings · fd7c092e
      Mikulas Patocka authored
      Avoid returning a truncated table or status string instead of setting
      the DM_BUFFER_FULL_FLAG when the last target of a table fills the
      buffer.
      
      When processing a table or status request, the function retrieve_status
      calls ti->type->status. If ti->type->status returns non-zero,
      retrieve_status assumes that the buffer overflowed and sets
      DM_BUFFER_FULL_FLAG.
      
      However, targets don't return non-zero values from their status method
      on overflow. Most targets returns always zero.
      
      If a buffer overflow happens in a target that is not the last in the
      table, it gets noticed during the next iteration of the loop in
      retrieve_status; but if a buffer overflow happens in the last target, it
      goes unnoticed and erroneously truncated data is returned.
      
      In the current code, the targets behave in the following way:
      * dm-crypt returns -ENOMEM if there is not enough space to store the
        key, but it returns 0 on all other overflows.
      * dm-thin returns errors from the status method if a disk error happened.
        This is incorrect because retrieve_status doesn't check the error
        code, it assumes that all non-zero values mean buffer overflow.
      * all the other targets always return 0.
      
      This patch changes the ti->type->status function to return void (because
      most targets don't use the return code). Overflow is detected in
      retrieve_status: if the status method fills up the remaining space
      completely, it is assumed that buffer overflow happened.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      fd7c092e
  3. 21 Dec, 2012 1 commit
  4. 09 Sep, 2012 2 commits
    • Kent Overstreet's avatar
      block: Add bio_clone_bioset(), bio_clone_kmalloc() · bf800ef1
      Kent Overstreet authored
      Previously, there was bio_clone() but it only allocated from the fs bio
      set; as a result various users were open coding it and using
      __bio_clone().
      
      This changes bio_clone() to become bio_clone_bioset(), and then we add
      bio_clone() and bio_clone_kmalloc() as wrappers around it, making use of
      the functionality the last patch adedd.
      
      This will also help in a later patch changing how bio cloning works.
      Signed-off-by: default avatarKent Overstreet <koverstreet@google.com>
      CC: Jens Axboe <axboe@kernel.dk>
      CC: NeilBrown <neilb@suse.de>
      CC: Alasdair Kergon <agk@redhat.com>
      CC: Boaz Harrosh <bharrosh@panasas.com>
      CC: Jeff Garzik <jeff@garzik.org>
      Acked-by: default avatarJeff Garzik <jgarzik@redhat.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      bf800ef1
    • Kent Overstreet's avatar
      block: Generalized bio pool freeing · 395c72a7
      Kent Overstreet authored
      With the old code, when you allocate a bio from a bio pool you have to
      implement your own destructor that knows how to find the bio pool the
      bio was originally allocated from.
      
      This adds a new field to struct bio (bi_pool) and changes
      bio_alloc_bioset() to use it. This makes various bio destructors
      unnecessary, so they're then deleted.
      
      v6: Explain the temporary if statement in bio_put
      Signed-off-by: default avatarKent Overstreet <koverstreet@google.com>
      CC: Jens Axboe <axboe@kernel.dk>
      CC: NeilBrown <neilb@suse.de>
      CC: Alasdair Kergon <agk@redhat.com>
      CC: Nicholas Bellinger <nab@linux-iscsi.org>
      CC: Lars Ellenberg <lars.ellenberg@linbit.com>
      Acked-by: default avatarTejun Heo <tj@kernel.org>
      Acked-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      395c72a7
  5. 27 Jul, 2012 7 commits
  6. 28 Mar, 2012 3 commits
    • Mikulas Patocka's avatar
      dm: reject trailing characters in sccanf input · 31998ef1
      Mikulas Patocka authored
      Device mapper uses sscanf to convert arguments to numbers. The problem is that
      the way we use it ignores additional unmatched characters in the scanned string.
      
      For example, this `if (sscanf(string, "%d", &number) == 1)' will match a number,
      but also it will match number with some garbage appended, like "123abc".
      
      As a result, device mapper accepts garbage after some numbers. For example
      the command `dmsetup create vg1-new --table "0 16384 linear 254:1bla 34816bla"'
      will pass without an error.
      
      This patch fixes all sscanf uses in device mapper. It appends "%c" with
      a pointer to a dummy character variable to every sscanf statement.
      
      The construct `if (sscanf(string, "%d%c", &number, &dummy) == 1)' succeeds
      only if string is a null-terminated number (optionally preceded by some
      whitespace characters). If there is some character appended after the number,
      sscanf matches "%c", writes the character to the dummy variable and returns 2.
      We check the return value for 1 and consequently reject numbers with some
      garbage appended.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Acked-by: default avatarMike Snitzer <snitzer@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      31998ef1
    • Mikulas Patocka's avatar
      dm crypt: add missing error handling · 72c6e7af
      Mikulas Patocka authored
      Always set io->error to -EIO when an error is detected in dm-crypt.
      
      There were cases where an error code would be set only if we finish
      processing the last sector. If there were other encryption operations in
      flight, the error would be ignored and bio would be returned with
      success as if no error happened.
      
      This bug is present in kcryptd_crypt_write_convert, kcryptd_crypt_read_convert
      and kcryptd_async_done.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Cc: stable@kernel.org
      Reviewed-by: default avatarMilan Broz <mbroz@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      72c6e7af
    • Mikulas Patocka's avatar
      dm crypt: fix mempool deadlock · aeb2deae
      Mikulas Patocka authored
      This patch fixes a possible deadlock in dm-crypt's mempool use.
      
      Currently, dm-crypt reserves a mempool of MIN_BIO_PAGES reserved pages.
      It allocates first MIN_BIO_PAGES with non-failing allocation (the allocation
      cannot fail and waits until the mempool is refilled). Further pages are
      allocated with different gfp flags that allow failing.
      
      Because allocations may be done in parallel, this code can deadlock. Example:
      There are two processes, each tries to allocate MIN_BIO_PAGES and the processes
      run simultaneously.
      It may end up in a situation where each process allocates (MIN_BIO_PAGES / 2)
      pages. The mempool is exhausted. Each process waits for more pages to be freed
      to the mempool, which never happens.
      
      To avoid this deadlock scenario, this patch changes the code so that only
      the first page is allocated with non-failing gfp mask. Allocation of further
      pages may fail.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      aeb2deae
  7. 20 Mar, 2012 1 commit
  8. 25 Sep, 2011 1 commit
    • Milan Broz's avatar
      dm crypt: always disable discard_zeroes_data · 983c7db3
      Milan Broz authored
      If optional discard support in dm-crypt is enabled, discards requests
      bypass the crypt queue and blocks of the underlying device are discarded.
      For the read path, discarded blocks are handled the same as normal
      ciphertext blocks, thus decrypted.
      
      So if the underlying device announces discarded regions return zeroes,
      dm-crypt must disable this flag because after decryption there is just
      random noise instead of zeroes.
      Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      983c7db3
  9. 02 Aug, 2011 3 commits
  10. 26 Jul, 2011 1 commit
  11. 24 Mar, 2011 1 commit
  12. 10 Mar, 2011 1 commit
  13. 13 Jan, 2011 7 commits
    • Milan Broz's avatar
      dm crypt: add loop aes iv generator · 34745785
      Milan Broz authored
      This patch adds a compatible implementation of the block
      chaining mode used by the Loop-AES block device encryption
      system (http://loop-aes.sourceforge.net/) designed
      by Jari Ruusu.
      
      It operates on full 512 byte sectors and uses CBC
      with an IV derived from the sector number, the data and
      optionally extra IV seed.
      
      This means that after CBC decryption the first block of sector
      must be tweaked according to decrypted data.
      
      Loop-AES can use three encryption schemes:
       version 1: is plain aes-cbc mode (already compatible)
       version 2: uses 64 multikey scheme with own IV generator
       version 3: the same as version 2 with additional IV seed
                  (it uses 65 keys, last key is used as IV seed)
      
      The IV generator is here named lmk (Loop-AES multikey)
      and for the cipher specification looks like: aes:64-cbc-lmk
      
      Version 2 and 3 is recognised according to length
      of provided multi-key string (which is just hexa encoded
      "raw key" used in original Loop-AES ioctl).
      
      Configuration of the device and decoding key string will
      be done in userspace (cryptsetup).
      (Loop-AES stores keys in gpg encrypted file, raw keys are
      output of simple hashing of lines in this file).
      
      Based on an implementation by Max Vozeler:
        http://article.gmane.org/gmane.linux.kernel.cryptoapi/3752/Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      CC: Max Vozeler <max@hinterhof.net>
      34745785
    • Milan Broz's avatar
      dm crypt: add multi key capability · d1f96423
      Milan Broz authored
      This patch adds generic multikey handling to be used
      in following patch for Loop-AES mode compatibility.
      
      This patch extends mapping table to optional keycount and
      implements generic multi-key capability.
      
      With more keys defined the <key> string is divided into
      several <keycount> sections and these are used for tfms.
      
      The tfm is used according to sector offset
      (sector 0->tfm[0], sector 1->tfm[1], sector N->tfm[N modulo keycount])
      (only power of two values supported for keycount here).
      
      Because of tfms per-cpu allocation, this mode can be take
      a lot of memory on large smp systems.
      Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      Cc: Max Vozeler <max@hinterhof.net>
      d1f96423
    • Milan Broz's avatar
      dm crypt: add post iv call to iv generator · 2dc5327d
      Milan Broz authored
      IV (initialisation vector) can in principle depend not only
      on sector but also on plaintext data (or other attributes).
      
      Change IV generator interface to work directly with dmreq
      structure to allow such dependence in generator.
      
      Also add post() function which is called after the crypto
      operation.
      
      This allows tricky modification of decrypted data or IV
      internals.
      
      In asynchronous mode the post() can be called after
      ctx->sector count was increased so it is needed
      to add iv_sector copy directly to dmreq structure.
      (N.B. dmreq always include only one sector in scatterlists)
      Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      2dc5327d
    • Milan Broz's avatar
      dm crypt: use io thread for reads only if mempool exhausted · 20c82538
      Milan Broz authored
      If there is enough memory, code can directly submit bio
      instead queing this operation in separate thread.
      
      Try to alloc bio clone with GFP_NOWAIT and only if it
      fails use separate queue (map function cannot block here).
      Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      20c82538
    • Andi Kleen's avatar
      dm crypt: scale to multiple cpus · c0297721
      Andi Kleen authored
      Currently dm-crypt does all the encryption work for a single dm-crypt
      mapping in a single workqueue. This does not scale well when multiple
      CPUs are submitting IO at a high rate. The single CPU running the single
      thread cannot keep up with the encryption and encrypted IO performance
      tanks.
      
      This patch changes the crypto workqueue to be per CPU. This means
      that as long as the IO submitter (or the interrupt target CPUs
      for reads) runs on different CPUs the encryption work will be also
      parallel.
      
      To avoid a bottleneck on the IO worker I also changed those to be
      per-CPU threads.
      
      There is still some shared data, so I suspect some bouncing
      cache lines. But I haven't done a detailed study on that yet.
      Signed-off-by: default avatarAndi Kleen <ak@linux.intel.com>
      Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      c0297721
    • Milan Broz's avatar
      dm crypt: simplify compatible table output · 7dbcd137
      Milan Broz authored
      Rename cc->cipher_mode to cc->cipher_string and store the whole of the cipher
      information so it can easily be printed when processing the DM_DEV_STATUS ioctl.
      Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      7dbcd137
    • Milan Broz's avatar
      dm crypt: set key size early · 69a8cfcd
      Milan Broz authored
      Simplify key size verification (hexadecimal string) and
      set key size early in constructor.
      
      (Patch required by later changes.)
      Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      69a8cfcd
  14. 10 Sep, 2010 1 commit
    • Tejun Heo's avatar
      dm: implement REQ_FLUSH/FUA support for bio-based dm · d87f4c14
      Tejun Heo authored
      This patch converts bio-based dm to support REQ_FLUSH/FUA instead of
      now deprecated REQ_HARDBARRIER.
      
      * -EOPNOTSUPP handling logic dropped.
      
      * Preflush is handled as before but postflush is dropped and replaced
        with passing down REQ_FUA to member request_queues.  This replaces
        one array wide cache flush w/ member specific FUA writes.
      
      * __split_and_process_bio() now calls __clone_and_map_flush() directly
        for flushes and guarantees all FLUSH bio's going to targets are zero
      `  length.
      
      * It's now guaranteed that all FLUSH bio's which are passed onto dm
        targets are zero length.  bio_empty_barrier() tests are replaced
        with REQ_FLUSH tests.
      
      * Empty WRITE_BARRIERs are replaced with WRITE_FLUSHes.
      
      * Dropped unlikely() around REQ_FLUSH tests.  Flushes are not unlikely
        enough to be marked with unlikely().
      
      * Block layer now filters out REQ_FLUSH/FUA bio's if the request_queue
        doesn't support cache flushing.  Advertise REQ_FLUSH | REQ_FUA
        capability.
      
      * Request based dm isn't converted yet.  dm_init_request_based_queue()
        resets flush support to 0 for now.  To avoid disturbing request
        based dm code, dm->flush_error is added for bio based dm while
        requested based dm continues to use dm->barrier_error.
      
      Lightly tested linear, stripe, raid1, snap and crypt targets.  Please
      proceed with caution as I'm not familiar with the code base.
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Cc: dm-devel@redhat.com
      Cc: Christoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJens Axboe <jaxboe@fusionio.com>
      d87f4c14
  15. 12 Aug, 2010 4 commits
  16. 06 Mar, 2010 1 commit
  17. 10 Dec, 2009 3 commits