Commit a7a5bc5f authored by Eric Biggers's avatar Eric Biggers
Browse files

fscrypt: log when starting to use inline encryption 



When inline encryption is used, the usual message "fscrypt: AES-256-XTS
using implementation <impl>" doesn't appear in the kernel log.  Add a
similar message for the blk-crypto case that indicates that inline
encryption was used, and whether blk-crypto-fallback was used or not.
This can be useful for debugging performance problems.

Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20220414053415.158986-1-ebiggers@kernel.org
parent 63cec138

fs/crypto/fscrypt_private.h

+3 −1
Original line number Diff line number Diff line
@@ -561,7 +561,9 @@ struct fscrypt_mode { 
	int keysize;		/* key size in bytes */

	int security_strength;	/* security strength in bytes */

	int ivsize;		/* IV size in bytes */

	int logged_impl_name;

	int logged_cryptoapi_impl;

	int logged_blk_crypto_native;

	int logged_blk_crypto_fallback;

	enum blk_crypto_mode_num blk_crypto_mode;

};

fs/crypto/inline_crypt.c

+32 −1
Original line number Diff line number Diff line
@@ -12,7 +12,7 @@ 
 * provides the key and IV to use.

 */



#include <linux/blk-crypto.h>

#include <linux/blk-crypto-profile.h>

#include <linux/blkdev.h>

#include <linux/buffer_head.h>

#include <linux/sched/mm.h>
@@ -64,6 +64,35 @@ static unsigned int fscrypt_get_dun_bytes(const struct fscrypt_info *ci) 
	return DIV_ROUND_UP(lblk_bits, 8);

}



/*

 * Log a message when starting to use blk-crypto (native) or blk-crypto-fallback

 * for an encryption mode for the first time.  This is the blk-crypto

 * counterpart to the message logged when starting to use the crypto API for the

 * first time.  A limitation is that these messages don't convey which specific

 * filesystems or files are using each implementation.  However, *usually*

 * systems use just one implementation per mode, which makes these messages

 * helpful for debugging problems where the "wrong" implementation is used.

 */

static void fscrypt_log_blk_crypto_impl(struct fscrypt_mode *mode,

					struct request_queue **devs,

					int num_devs,

					const struct blk_crypto_config *cfg)

{

	int i;



	for (i = 0; i < num_devs; i++) {

		if (!IS_ENABLED(CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK) ||

		    __blk_crypto_cfg_supported(devs[i]->crypto_profile, cfg)) {

			if (!xchg(&mode->logged_blk_crypto_native, 1))

				pr_info("fscrypt: %s using blk-crypto (native)\n",

					mode->friendly_name);

		} else if (!xchg(&mode->logged_blk_crypto_fallback, 1)) {

			pr_info("fscrypt: %s using blk-crypto-fallback\n",

				mode->friendly_name);

		}

	}

}



/* Enable inline encryption for this file if supported. */

int fscrypt_select_encryption_impl(struct fscrypt_info *ci)

{
@@ -117,6 +146,8 @@ int fscrypt_select_encryption_impl(struct fscrypt_info *ci) 
			goto out_free_devs;

	}



	fscrypt_log_blk_crypto_impl(ci->ci_mode, devs, num_devs, &crypto_cfg);



	ci->ci_inlinecrypt = true;

out_free_devs:

	kfree(devs);

fs/crypto/keysetup.c

+1 −1
Original line number Diff line number Diff line
@@ -94,7 +94,7 @@ fscrypt_allocate_skcipher(struct fscrypt_mode *mode, const u8 *raw_key, 
			    mode->cipher_str, PTR_ERR(tfm));

		return tfm;

	}

	if (!xchg(&mode->logged_impl_name, 1)) {

	if (!xchg(&mode->logged_cryptoapi_impl, 1)) {

		/*

		 * fscrypt performance can vary greatly depending on which

		 * crypto algorithm implementation is used.  Help people debug