dm crypt: scale to multiple cpus
Currently dm-crypt does all the encryption work for a single dm-crypt mapping in a single workqueue. This does not scale well when multiple CPUs are submitting IO at a high rate. The single CPU running the single thread cannot keep up with the encryption and encrypted IO performance tanks. This patch changes the crypto workqueue to be per CPU. This means that as long as the IO submitter (or the interrupt target CPUs for reads) runs on different CPUs the encryption work will be also parallel. To avoid a bottleneck on the IO worker I also changed those to be per-CPU threads. There is still some shared data, so I suspect some bouncing cache lines. But I haven't done a detailed study on that yet. Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com>
This commit is contained in:
		
					parent
					
						
							
								7dbcd13741
							
						
					
				
			
			
				commit
				
					
						c029772125
					
				
			
		
					 1 changed files with 196 additions and 58 deletions
				
			
		|  | @ -18,6 +18,7 @@ | ||||||
| #include <linux/crypto.h> | #include <linux/crypto.h> | ||||||
| #include <linux/workqueue.h> | #include <linux/workqueue.h> | ||||||
| #include <linux/backing-dev.h> | #include <linux/backing-dev.h> | ||||||
|  | #include <linux/percpu.h> | ||||||
| #include <asm/atomic.h> | #include <asm/atomic.h> | ||||||
| #include <linux/scatterlist.h> | #include <linux/scatterlist.h> | ||||||
| #include <asm/page.h> | #include <asm/page.h> | ||||||
|  | @ -77,7 +78,6 @@ struct crypt_iv_operations { | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| struct iv_essiv_private { | struct iv_essiv_private { | ||||||
| 	struct crypto_cipher *tfm; |  | ||||||
| 	struct crypto_hash *hash_tfm; | 	struct crypto_hash *hash_tfm; | ||||||
| 	u8 *salt; | 	u8 *salt; | ||||||
| }; | }; | ||||||
|  | @ -91,6 +91,22 @@ struct iv_benbi_private { | ||||||
|  * and encrypts / decrypts at the same time. |  * and encrypts / decrypts at the same time. | ||||||
|  */ |  */ | ||||||
| enum flags { DM_CRYPT_SUSPENDED, DM_CRYPT_KEY_VALID }; | enum flags { DM_CRYPT_SUSPENDED, DM_CRYPT_KEY_VALID }; | ||||||
|  | 
 | ||||||
|  | /*
 | ||||||
|  |  * Duplicated per-CPU state for cipher. | ||||||
|  |  */ | ||||||
|  | struct crypt_cpu { | ||||||
|  | 	struct ablkcipher_request *req; | ||||||
|  | 	struct crypto_ablkcipher *tfm; | ||||||
|  | 
 | ||||||
|  | 	/* ESSIV: struct crypto_cipher *essiv_tfm */ | ||||||
|  | 	void *iv_private; | ||||||
|  | }; | ||||||
|  | 
 | ||||||
|  | /*
 | ||||||
|  |  * The fields in here must be read only after initialization, | ||||||
|  |  * changing state should be in crypt_cpu. | ||||||
|  |  */ | ||||||
| struct crypt_config { | struct crypt_config { | ||||||
| 	struct dm_dev *dev; | 	struct dm_dev *dev; | ||||||
| 	sector_t start; | 	sector_t start; | ||||||
|  | @ -118,6 +134,12 @@ struct crypt_config { | ||||||
| 	sector_t iv_offset; | 	sector_t iv_offset; | ||||||
| 	unsigned int iv_size; | 	unsigned int iv_size; | ||||||
| 
 | 
 | ||||||
|  | 	/*
 | ||||||
|  | 	 * Duplicated per cpu state. Access through | ||||||
|  | 	 * per_cpu_ptr() only. | ||||||
|  | 	 */ | ||||||
|  | 	struct crypt_cpu __percpu *cpu; | ||||||
|  | 
 | ||||||
| 	/*
 | 	/*
 | ||||||
| 	 * Layout of each crypto request: | 	 * Layout of each crypto request: | ||||||
| 	 * | 	 * | ||||||
|  | @ -132,9 +154,7 @@ struct crypt_config { | ||||||
| 	 * correctly aligned. | 	 * correctly aligned. | ||||||
| 	 */ | 	 */ | ||||||
| 	unsigned int dmreq_start; | 	unsigned int dmreq_start; | ||||||
| 	struct ablkcipher_request *req; |  | ||||||
| 
 | 
 | ||||||
| 	struct crypto_ablkcipher *tfm; |  | ||||||
| 	unsigned long flags; | 	unsigned long flags; | ||||||
| 	unsigned int key_size; | 	unsigned int key_size; | ||||||
| 	u8 key[0]; | 	u8 key[0]; | ||||||
|  | @ -149,6 +169,19 @@ static struct kmem_cache *_crypt_io_pool; | ||||||
| static void clone_init(struct dm_crypt_io *, struct bio *); | static void clone_init(struct dm_crypt_io *, struct bio *); | ||||||
| static void kcryptd_queue_crypt(struct dm_crypt_io *io); | static void kcryptd_queue_crypt(struct dm_crypt_io *io); | ||||||
| 
 | 
 | ||||||
|  | static struct crypt_cpu *this_crypt_config(struct crypt_config *cc) | ||||||
|  | { | ||||||
|  | 	return this_cpu_ptr(cc->cpu); | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | /*
 | ||||||
|  |  * Use this to access cipher attributes that are the same for each CPU. | ||||||
|  |  */ | ||||||
|  | static struct crypto_ablkcipher *any_tfm(struct crypt_config *cc) | ||||||
|  | { | ||||||
|  | 	return __this_cpu_ptr(cc->cpu)->tfm; | ||||||
|  | } | ||||||
|  | 
 | ||||||
| /*
 | /*
 | ||||||
|  * Different IV generation algorithms: |  * Different IV generation algorithms: | ||||||
|  * |  * | ||||||
|  | @ -195,7 +228,8 @@ static int crypt_iv_essiv_init(struct crypt_config *cc) | ||||||
| 	struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; | 	struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; | ||||||
| 	struct hash_desc desc; | 	struct hash_desc desc; | ||||||
| 	struct scatterlist sg; | 	struct scatterlist sg; | ||||||
| 	int err; | 	struct crypto_cipher *essiv_tfm; | ||||||
|  | 	int err, cpu; | ||||||
| 
 | 
 | ||||||
| 	sg_init_one(&sg, cc->key, cc->key_size); | 	sg_init_one(&sg, cc->key, cc->key_size); | ||||||
| 	desc.tfm = essiv->hash_tfm; | 	desc.tfm = essiv->hash_tfm; | ||||||
|  | @ -205,8 +239,16 @@ static int crypt_iv_essiv_init(struct crypt_config *cc) | ||||||
| 	if (err) | 	if (err) | ||||||
| 		return err; | 		return err; | ||||||
| 
 | 
 | ||||||
| 	return crypto_cipher_setkey(essiv->tfm, essiv->salt, | 	for_each_possible_cpu(cpu) { | ||||||
|  | 		essiv_tfm = per_cpu_ptr(cc->cpu, cpu)->iv_private, | ||||||
|  | 
 | ||||||
|  | 		err = crypto_cipher_setkey(essiv_tfm, essiv->salt, | ||||||
| 				    crypto_hash_digestsize(essiv->hash_tfm)); | 				    crypto_hash_digestsize(essiv->hash_tfm)); | ||||||
|  | 		if (err) | ||||||
|  | 			return err; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	return 0; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| /* Wipe salt and reset key derived from volume key */ | /* Wipe salt and reset key derived from volume key */ | ||||||
|  | @ -214,24 +256,76 @@ static int crypt_iv_essiv_wipe(struct crypt_config *cc) | ||||||
| { | { | ||||||
| 	struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; | 	struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; | ||||||
| 	unsigned salt_size = crypto_hash_digestsize(essiv->hash_tfm); | 	unsigned salt_size = crypto_hash_digestsize(essiv->hash_tfm); | ||||||
|  | 	struct crypto_cipher *essiv_tfm; | ||||||
|  | 	int cpu, r, err = 0; | ||||||
| 
 | 
 | ||||||
| 	memset(essiv->salt, 0, salt_size); | 	memset(essiv->salt, 0, salt_size); | ||||||
| 
 | 
 | ||||||
| 	return crypto_cipher_setkey(essiv->tfm, essiv->salt, salt_size); | 	for_each_possible_cpu(cpu) { | ||||||
|  | 		essiv_tfm = per_cpu_ptr(cc->cpu, cpu)->iv_private; | ||||||
|  | 		r = crypto_cipher_setkey(essiv_tfm, essiv->salt, salt_size); | ||||||
|  | 		if (r) | ||||||
|  | 			err = r; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	return err; | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | /* Set up per cpu cipher state */ | ||||||
|  | static struct crypto_cipher *setup_essiv_cpu(struct crypt_config *cc, | ||||||
|  | 					     struct dm_target *ti, | ||||||
|  | 					     u8 *salt, unsigned saltsize) | ||||||
|  | { | ||||||
|  | 	struct crypto_cipher *essiv_tfm; | ||||||
|  | 	int err; | ||||||
|  | 
 | ||||||
|  | 	/* Setup the essiv_tfm with the given salt */ | ||||||
|  | 	essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC); | ||||||
|  | 	if (IS_ERR(essiv_tfm)) { | ||||||
|  | 		ti->error = "Error allocating crypto tfm for ESSIV"; | ||||||
|  | 		return essiv_tfm; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	if (crypto_cipher_blocksize(essiv_tfm) != | ||||||
|  | 	    crypto_ablkcipher_ivsize(any_tfm(cc))) { | ||||||
|  | 		ti->error = "Block size of ESSIV cipher does " | ||||||
|  | 			    "not match IV size of block cipher"; | ||||||
|  | 		crypto_free_cipher(essiv_tfm); | ||||||
|  | 		return ERR_PTR(-EINVAL); | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	err = crypto_cipher_setkey(essiv_tfm, salt, saltsize); | ||||||
|  | 	if (err) { | ||||||
|  | 		ti->error = "Failed to set key for ESSIV cipher"; | ||||||
|  | 		crypto_free_cipher(essiv_tfm); | ||||||
|  | 		return ERR_PTR(err); | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	return essiv_tfm; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void crypt_iv_essiv_dtr(struct crypt_config *cc) | static void crypt_iv_essiv_dtr(struct crypt_config *cc) | ||||||
| { | { | ||||||
|  | 	int cpu; | ||||||
|  | 	struct crypt_cpu *cpu_cc; | ||||||
|  | 	struct crypto_cipher *essiv_tfm; | ||||||
| 	struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; | 	struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; | ||||||
| 
 | 
 | ||||||
| 	crypto_free_cipher(essiv->tfm); |  | ||||||
| 	essiv->tfm = NULL; |  | ||||||
| 
 |  | ||||||
| 	crypto_free_hash(essiv->hash_tfm); | 	crypto_free_hash(essiv->hash_tfm); | ||||||
| 	essiv->hash_tfm = NULL; | 	essiv->hash_tfm = NULL; | ||||||
| 
 | 
 | ||||||
| 	kzfree(essiv->salt); | 	kzfree(essiv->salt); | ||||||
| 	essiv->salt = NULL; | 	essiv->salt = NULL; | ||||||
|  | 
 | ||||||
|  | 	for_each_possible_cpu(cpu) { | ||||||
|  | 		cpu_cc = per_cpu_ptr(cc->cpu, cpu); | ||||||
|  | 		essiv_tfm = cpu_cc->iv_private; | ||||||
|  | 
 | ||||||
|  | 		if (essiv_tfm) | ||||||
|  | 			crypto_free_cipher(essiv_tfm); | ||||||
|  | 
 | ||||||
|  | 		cpu_cc->iv_private = NULL; | ||||||
|  | 	} | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, | static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, | ||||||
|  | @ -240,7 +334,7 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, | ||||||
| 	struct crypto_cipher *essiv_tfm = NULL; | 	struct crypto_cipher *essiv_tfm = NULL; | ||||||
| 	struct crypto_hash *hash_tfm = NULL; | 	struct crypto_hash *hash_tfm = NULL; | ||||||
| 	u8 *salt = NULL; | 	u8 *salt = NULL; | ||||||
| 	int err; | 	int err, cpu; | ||||||
| 
 | 
 | ||||||
| 	if (!opts) { | 	if (!opts) { | ||||||
| 		ti->error = "Digest algorithm missing for ESSIV mode"; | 		ti->error = "Digest algorithm missing for ESSIV mode"; | ||||||
|  | @ -262,30 +356,22 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, | ||||||
| 		goto bad; | 		goto bad; | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	/* Allocate essiv_tfm */ |  | ||||||
| 	essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC); |  | ||||||
| 	if (IS_ERR(essiv_tfm)) { |  | ||||||
| 		ti->error = "Error allocating crypto tfm for ESSIV"; |  | ||||||
| 		err = PTR_ERR(essiv_tfm); |  | ||||||
| 		goto bad; |  | ||||||
| 	} |  | ||||||
| 	if (crypto_cipher_blocksize(essiv_tfm) != |  | ||||||
| 	    crypto_ablkcipher_ivsize(cc->tfm)) { |  | ||||||
| 		ti->error = "Block size of ESSIV cipher does " |  | ||||||
| 			    "not match IV size of block cipher"; |  | ||||||
| 		err = -EINVAL; |  | ||||||
| 		goto bad; |  | ||||||
| 	} |  | ||||||
| 
 |  | ||||||
| 	cc->iv_gen_private.essiv.salt = salt; | 	cc->iv_gen_private.essiv.salt = salt; | ||||||
| 	cc->iv_gen_private.essiv.tfm = essiv_tfm; |  | ||||||
| 	cc->iv_gen_private.essiv.hash_tfm = hash_tfm; | 	cc->iv_gen_private.essiv.hash_tfm = hash_tfm; | ||||||
| 
 | 
 | ||||||
|  | 	for_each_possible_cpu(cpu) { | ||||||
|  | 		essiv_tfm = setup_essiv_cpu(cc, ti, salt, | ||||||
|  | 					crypto_hash_digestsize(hash_tfm)); | ||||||
|  | 		if (IS_ERR(essiv_tfm)) { | ||||||
|  | 			crypt_iv_essiv_dtr(cc); | ||||||
|  | 			return PTR_ERR(essiv_tfm); | ||||||
|  | 		} | ||||||
|  | 		per_cpu_ptr(cc->cpu, cpu)->iv_private = essiv_tfm; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
| 	return 0; | 	return 0; | ||||||
| 
 | 
 | ||||||
| bad: | bad: | ||||||
| 	if (essiv_tfm && !IS_ERR(essiv_tfm)) |  | ||||||
| 		crypto_free_cipher(essiv_tfm); |  | ||||||
| 	if (hash_tfm && !IS_ERR(hash_tfm)) | 	if (hash_tfm && !IS_ERR(hash_tfm)) | ||||||
| 		crypto_free_hash(hash_tfm); | 		crypto_free_hash(hash_tfm); | ||||||
| 	kfree(salt); | 	kfree(salt); | ||||||
|  | @ -294,16 +380,19 @@ bad: | ||||||
| 
 | 
 | ||||||
| static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv, sector_t sector) | static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv, sector_t sector) | ||||||
| { | { | ||||||
|  | 	struct crypto_cipher *essiv_tfm = this_crypt_config(cc)->iv_private; | ||||||
|  | 
 | ||||||
| 	memset(iv, 0, cc->iv_size); | 	memset(iv, 0, cc->iv_size); | ||||||
| 	*(u64 *)iv = cpu_to_le64(sector); | 	*(u64 *)iv = cpu_to_le64(sector); | ||||||
| 	crypto_cipher_encrypt_one(cc->iv_gen_private.essiv.tfm, iv, iv); | 	crypto_cipher_encrypt_one(essiv_tfm, iv, iv); | ||||||
|  | 
 | ||||||
| 	return 0; | 	return 0; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static int crypt_iv_benbi_ctr(struct crypt_config *cc, struct dm_target *ti, | static int crypt_iv_benbi_ctr(struct crypt_config *cc, struct dm_target *ti, | ||||||
| 			      const char *opts) | 			      const char *opts) | ||||||
| { | { | ||||||
| 	unsigned bs = crypto_ablkcipher_blocksize(cc->tfm); | 	unsigned bs = crypto_ablkcipher_blocksize(any_tfm(cc)); | ||||||
| 	int log = ilog2(bs); | 	int log = ilog2(bs); | ||||||
| 
 | 
 | ||||||
| 	/* we need to calculate how far we must shift the sector count
 | 	/* we need to calculate how far we must shift the sector count
 | ||||||
|  | @ -412,7 +501,7 @@ static int crypt_convert_block(struct crypt_config *cc, | ||||||
| 
 | 
 | ||||||
| 	dmreq = dmreq_of_req(cc, req); | 	dmreq = dmreq_of_req(cc, req); | ||||||
| 	iv = (u8 *)ALIGN((unsigned long)(dmreq + 1), | 	iv = (u8 *)ALIGN((unsigned long)(dmreq + 1), | ||||||
| 			 crypto_ablkcipher_alignmask(cc->tfm) + 1); | 			 crypto_ablkcipher_alignmask(any_tfm(cc)) + 1); | ||||||
| 
 | 
 | ||||||
| 	dmreq->ctx = ctx; | 	dmreq->ctx = ctx; | ||||||
| 	sg_init_table(&dmreq->sg_in, 1); | 	sg_init_table(&dmreq->sg_in, 1); | ||||||
|  | @ -454,16 +543,19 @@ static int crypt_convert_block(struct crypt_config *cc, | ||||||
| 
 | 
 | ||||||
| static void kcryptd_async_done(struct crypto_async_request *async_req, | static void kcryptd_async_done(struct crypto_async_request *async_req, | ||||||
| 			       int error); | 			       int error); | ||||||
|  | 
 | ||||||
| static void crypt_alloc_req(struct crypt_config *cc, | static void crypt_alloc_req(struct crypt_config *cc, | ||||||
| 			    struct convert_context *ctx) | 			    struct convert_context *ctx) | ||||||
| { | { | ||||||
| 	if (!cc->req) | 	struct crypt_cpu *this_cc = this_crypt_config(cc); | ||||||
| 		cc->req = mempool_alloc(cc->req_pool, GFP_NOIO); | 
 | ||||||
| 	ablkcipher_request_set_tfm(cc->req, cc->tfm); | 	if (!this_cc->req) | ||||||
| 	ablkcipher_request_set_callback(cc->req, CRYPTO_TFM_REQ_MAY_BACKLOG | | 		this_cc->req = mempool_alloc(cc->req_pool, GFP_NOIO); | ||||||
| 					CRYPTO_TFM_REQ_MAY_SLEEP, | 
 | ||||||
| 					kcryptd_async_done, | 	ablkcipher_request_set_tfm(this_cc->req, this_cc->tfm); | ||||||
| 					dmreq_of_req(cc, cc->req)); | 	ablkcipher_request_set_callback(this_cc->req, | ||||||
|  | 	    CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, | ||||||
|  | 	    kcryptd_async_done, dmreq_of_req(cc, this_cc->req)); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| /*
 | /*
 | ||||||
|  | @ -472,6 +564,7 @@ static void crypt_alloc_req(struct crypt_config *cc, | ||||||
| static int crypt_convert(struct crypt_config *cc, | static int crypt_convert(struct crypt_config *cc, | ||||||
| 			 struct convert_context *ctx) | 			 struct convert_context *ctx) | ||||||
| { | { | ||||||
|  | 	struct crypt_cpu *this_cc = this_crypt_config(cc); | ||||||
| 	int r; | 	int r; | ||||||
| 
 | 
 | ||||||
| 	atomic_set(&ctx->pending, 1); | 	atomic_set(&ctx->pending, 1); | ||||||
|  | @ -483,7 +576,7 @@ static int crypt_convert(struct crypt_config *cc, | ||||||
| 
 | 
 | ||||||
| 		atomic_inc(&ctx->pending); | 		atomic_inc(&ctx->pending); | ||||||
| 
 | 
 | ||||||
| 		r = crypt_convert_block(cc, ctx, cc->req); | 		r = crypt_convert_block(cc, ctx, this_cc->req); | ||||||
| 
 | 
 | ||||||
| 		switch (r) { | 		switch (r) { | ||||||
| 		/* async */ | 		/* async */ | ||||||
|  | @ -492,7 +585,7 @@ static int crypt_convert(struct crypt_config *cc, | ||||||
| 			INIT_COMPLETION(ctx->restart); | 			INIT_COMPLETION(ctx->restart); | ||||||
| 			/* fall through*/ | 			/* fall through*/ | ||||||
| 		case -EINPROGRESS: | 		case -EINPROGRESS: | ||||||
| 			cc->req = NULL; | 			this_cc->req = NULL; | ||||||
| 			ctx->sector++; | 			ctx->sector++; | ||||||
| 			continue; | 			continue; | ||||||
| 
 | 
 | ||||||
|  | @ -651,6 +744,9 @@ static void crypt_dec_pending(struct dm_crypt_io *io) | ||||||
|  * They must be separated as otherwise the final stages could be |  * They must be separated as otherwise the final stages could be | ||||||
|  * starved by new requests which can block in the first stages due |  * starved by new requests which can block in the first stages due | ||||||
|  * to memory allocation. |  * to memory allocation. | ||||||
|  |  * | ||||||
|  |  * The work is done per CPU global for all dm-crypt instances. | ||||||
|  |  * They should not depend on each other and do not block. | ||||||
|  */ |  */ | ||||||
| static void crypt_endio(struct bio *clone, int error) | static void crypt_endio(struct bio *clone, int error) | ||||||
| { | { | ||||||
|  | @ -971,6 +1067,20 @@ static void crypt_encode_key(char *hex, u8 *key, unsigned int size) | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | static int crypt_setkey_allcpus(struct crypt_config *cc) | ||||||
|  | { | ||||||
|  | 	int cpu, err = 0, r; | ||||||
|  | 
 | ||||||
|  | 	for_each_possible_cpu(cpu) { | ||||||
|  | 		r = crypto_ablkcipher_setkey(per_cpu_ptr(cc->cpu, cpu)->tfm, | ||||||
|  | 					       cc->key, cc->key_size); | ||||||
|  | 		if (r) | ||||||
|  | 			err = r; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	return err; | ||||||
|  | } | ||||||
|  | 
 | ||||||
| static int crypt_set_key(struct crypt_config *cc, char *key) | static int crypt_set_key(struct crypt_config *cc, char *key) | ||||||
| { | { | ||||||
| 	/* The key size may not be changed. */ | 	/* The key size may not be changed. */ | ||||||
|  | @ -986,19 +1096,22 @@ static int crypt_set_key(struct crypt_config *cc, char *key) | ||||||
| 
 | 
 | ||||||
| 	set_bit(DM_CRYPT_KEY_VALID, &cc->flags); | 	set_bit(DM_CRYPT_KEY_VALID, &cc->flags); | ||||||
| 
 | 
 | ||||||
| 	return crypto_ablkcipher_setkey(cc->tfm, cc->key, cc->key_size); | 	return crypt_setkey_allcpus(cc); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static int crypt_wipe_key(struct crypt_config *cc) | static int crypt_wipe_key(struct crypt_config *cc) | ||||||
| { | { | ||||||
| 	clear_bit(DM_CRYPT_KEY_VALID, &cc->flags); | 	clear_bit(DM_CRYPT_KEY_VALID, &cc->flags); | ||||||
| 	memset(&cc->key, 0, cc->key_size * sizeof(u8)); | 	memset(&cc->key, 0, cc->key_size * sizeof(u8)); | ||||||
| 	return crypto_ablkcipher_setkey(cc->tfm, cc->key, cc->key_size); | 
 | ||||||
|  | 	return crypt_setkey_allcpus(cc); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void crypt_dtr(struct dm_target *ti) | static void crypt_dtr(struct dm_target *ti) | ||||||
| { | { | ||||||
| 	struct crypt_config *cc = ti->private; | 	struct crypt_config *cc = ti->private; | ||||||
|  | 	struct crypt_cpu *cpu_cc; | ||||||
|  | 	int cpu; | ||||||
| 
 | 
 | ||||||
| 	ti->private = NULL; | 	ti->private = NULL; | ||||||
| 
 | 
 | ||||||
|  | @ -1010,6 +1123,15 @@ static void crypt_dtr(struct dm_target *ti) | ||||||
| 	if (cc->crypt_queue) | 	if (cc->crypt_queue) | ||||||
| 		destroy_workqueue(cc->crypt_queue); | 		destroy_workqueue(cc->crypt_queue); | ||||||
| 
 | 
 | ||||||
|  | 	if (cc->cpu) | ||||||
|  | 		for_each_possible_cpu(cpu) { | ||||||
|  | 			cpu_cc = per_cpu_ptr(cc->cpu, cpu); | ||||||
|  | 			if (cpu_cc->req) | ||||||
|  | 				mempool_free(cpu_cc->req, cc->req_pool); | ||||||
|  | 			if (cpu_cc->tfm) | ||||||
|  | 				crypto_free_ablkcipher(cpu_cc->tfm); | ||||||
|  | 		} | ||||||
|  | 
 | ||||||
| 	if (cc->bs) | 	if (cc->bs) | ||||||
| 		bioset_free(cc->bs); | 		bioset_free(cc->bs); | ||||||
| 
 | 
 | ||||||
|  | @ -1023,12 +1145,12 @@ static void crypt_dtr(struct dm_target *ti) | ||||||
| 	if (cc->iv_gen_ops && cc->iv_gen_ops->dtr) | 	if (cc->iv_gen_ops && cc->iv_gen_ops->dtr) | ||||||
| 		cc->iv_gen_ops->dtr(cc); | 		cc->iv_gen_ops->dtr(cc); | ||||||
| 
 | 
 | ||||||
| 	if (cc->tfm && !IS_ERR(cc->tfm)) |  | ||||||
| 		crypto_free_ablkcipher(cc->tfm); |  | ||||||
| 
 |  | ||||||
| 	if (cc->dev) | 	if (cc->dev) | ||||||
| 		dm_put_device(ti, cc->dev); | 		dm_put_device(ti, cc->dev); | ||||||
| 
 | 
 | ||||||
|  | 	if (cc->cpu) | ||||||
|  | 		free_percpu(cc->cpu); | ||||||
|  | 
 | ||||||
| 	kzfree(cc->cipher); | 	kzfree(cc->cipher); | ||||||
| 	kzfree(cc->cipher_string); | 	kzfree(cc->cipher_string); | ||||||
| 
 | 
 | ||||||
|  | @ -1040,9 +1162,10 @@ static int crypt_ctr_cipher(struct dm_target *ti, | ||||||
| 			    char *cipher_in, char *key) | 			    char *cipher_in, char *key) | ||||||
| { | { | ||||||
| 	struct crypt_config *cc = ti->private; | 	struct crypt_config *cc = ti->private; | ||||||
|  | 	struct crypto_ablkcipher *tfm; | ||||||
| 	char *tmp, *cipher, *chainmode, *ivmode, *ivopts; | 	char *tmp, *cipher, *chainmode, *ivmode, *ivopts; | ||||||
| 	char *cipher_api = NULL; | 	char *cipher_api = NULL; | ||||||
| 	int ret = -EINVAL; | 	int cpu, ret = -EINVAL; | ||||||
| 
 | 
 | ||||||
| 	/* Convert to crypto api definition? */ | 	/* Convert to crypto api definition? */ | ||||||
| 	if (strchr(cipher_in, '(')) { | 	if (strchr(cipher_in, '(')) { | ||||||
|  | @ -1072,6 +1195,12 @@ static int crypt_ctr_cipher(struct dm_target *ti, | ||||||
| 	if (tmp) | 	if (tmp) | ||||||
| 		DMWARN("Ignoring unexpected additional cipher options"); | 		DMWARN("Ignoring unexpected additional cipher options"); | ||||||
| 
 | 
 | ||||||
|  | 	cc->cpu = alloc_percpu(struct crypt_cpu); | ||||||
|  | 	if (!cc->cpu) { | ||||||
|  | 		ti->error = "Cannot allocate per cpu state"; | ||||||
|  | 		goto bad_mem; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
| 	/*
 | 	/*
 | ||||||
| 	 * For compatibility with the original dm-crypt mapping format, if | 	 * For compatibility with the original dm-crypt mapping format, if | ||||||
| 	 * only the cipher name is supplied, use cbc-plain. | 	 * only the cipher name is supplied, use cbc-plain. | ||||||
|  | @ -1098,12 +1227,15 @@ static int crypt_ctr_cipher(struct dm_target *ti, | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	/* Allocate cipher */ | 	/* Allocate cipher */ | ||||||
| 	cc->tfm = crypto_alloc_ablkcipher(cipher_api, 0, 0); | 	for_each_possible_cpu(cpu) { | ||||||
| 	if (IS_ERR(cc->tfm)) { | 		tfm = crypto_alloc_ablkcipher(cipher_api, 0, 0); | ||||||
| 		ret = PTR_ERR(cc->tfm); | 		if (IS_ERR(tfm)) { | ||||||
|  | 			ret = PTR_ERR(tfm); | ||||||
| 			ti->error = "Error allocating crypto tfm"; | 			ti->error = "Error allocating crypto tfm"; | ||||||
| 			goto bad; | 			goto bad; | ||||||
| 		} | 		} | ||||||
|  | 		per_cpu_ptr(cc->cpu, cpu)->tfm = tfm; | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 	/* Initialize and set key */ | 	/* Initialize and set key */ | ||||||
| 	ret = crypt_set_key(cc, key); | 	ret = crypt_set_key(cc, key); | ||||||
|  | @ -1113,7 +1245,7 @@ static int crypt_ctr_cipher(struct dm_target *ti, | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	/* Initialize IV */ | 	/* Initialize IV */ | ||||||
| 	cc->iv_size = crypto_ablkcipher_ivsize(cc->tfm); | 	cc->iv_size = crypto_ablkcipher_ivsize(any_tfm(cc)); | ||||||
| 	if (cc->iv_size) | 	if (cc->iv_size) | ||||||
| 		/* at least a 64 bit sector number should fit in our buffer */ | 		/* at least a 64 bit sector number should fit in our buffer */ | ||||||
| 		cc->iv_size = max(cc->iv_size, | 		cc->iv_size = max(cc->iv_size, | ||||||
|  | @ -1208,9 +1340,9 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	cc->dmreq_start = sizeof(struct ablkcipher_request); | 	cc->dmreq_start = sizeof(struct ablkcipher_request); | ||||||
| 	cc->dmreq_start += crypto_ablkcipher_reqsize(cc->tfm); | 	cc->dmreq_start += crypto_ablkcipher_reqsize(any_tfm(cc)); | ||||||
| 	cc->dmreq_start = ALIGN(cc->dmreq_start, crypto_tfm_ctx_alignment()); | 	cc->dmreq_start = ALIGN(cc->dmreq_start, crypto_tfm_ctx_alignment()); | ||||||
| 	cc->dmreq_start += crypto_ablkcipher_alignmask(cc->tfm) & | 	cc->dmreq_start += crypto_ablkcipher_alignmask(any_tfm(cc)) & | ||||||
| 			   ~(crypto_tfm_ctx_alignment() - 1); | 			   ~(crypto_tfm_ctx_alignment() - 1); | ||||||
| 
 | 
 | ||||||
| 	cc->req_pool = mempool_create_kmalloc_pool(MIN_IOS, cc->dmreq_start + | 	cc->req_pool = mempool_create_kmalloc_pool(MIN_IOS, cc->dmreq_start + | ||||||
|  | @ -1219,7 +1351,6 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) | ||||||
| 		ti->error = "Cannot allocate crypt request mempool"; | 		ti->error = "Cannot allocate crypt request mempool"; | ||||||
| 		goto bad; | 		goto bad; | ||||||
| 	} | 	} | ||||||
| 	cc->req = NULL; |  | ||||||
| 
 | 
 | ||||||
| 	cc->page_pool = mempool_create_page_pool(MIN_POOL_PAGES, 0); | 	cc->page_pool = mempool_create_page_pool(MIN_POOL_PAGES, 0); | ||||||
| 	if (!cc->page_pool) { | 	if (!cc->page_pool) { | ||||||
|  | @ -1252,13 +1383,20 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) | ||||||
| 	cc->start = tmpll; | 	cc->start = tmpll; | ||||||
| 
 | 
 | ||||||
| 	ret = -ENOMEM; | 	ret = -ENOMEM; | ||||||
| 	cc->io_queue = create_singlethread_workqueue("kcryptd_io"); | 	cc->io_queue = alloc_workqueue("kcryptd_io", | ||||||
|  | 				       WQ_NON_REENTRANT| | ||||||
|  | 				       WQ_MEM_RECLAIM, | ||||||
|  | 				       1); | ||||||
| 	if (!cc->io_queue) { | 	if (!cc->io_queue) { | ||||||
| 		ti->error = "Couldn't create kcryptd io queue"; | 		ti->error = "Couldn't create kcryptd io queue"; | ||||||
| 		goto bad; | 		goto bad; | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	cc->crypt_queue = create_singlethread_workqueue("kcryptd"); | 	cc->crypt_queue = alloc_workqueue("kcryptd", | ||||||
|  | 					  WQ_NON_REENTRANT| | ||||||
|  | 					  WQ_CPU_INTENSIVE| | ||||||
|  | 					  WQ_MEM_RECLAIM, | ||||||
|  | 					  1); | ||||||
| 	if (!cc->crypt_queue) { | 	if (!cc->crypt_queue) { | ||||||
| 		ti->error = "Couldn't create kcryptd queue"; | 		ti->error = "Couldn't create kcryptd queue"; | ||||||
| 		goto bad; | 		goto bad; | ||||||
|  | @ -1418,7 +1556,7 @@ static int crypt_iterate_devices(struct dm_target *ti, | ||||||
| 
 | 
 | ||||||
| static struct target_type crypt_target = { | static struct target_type crypt_target = { | ||||||
| 	.name   = "crypt", | 	.name   = "crypt", | ||||||
| 	.version = {1, 8, 0}, | 	.version = {1, 9, 0}, | ||||||
| 	.module = THIS_MODULE, | 	.module = THIS_MODULE, | ||||||
| 	.ctr    = crypt_ctr, | 	.ctr    = crypt_ctr, | ||||||
| 	.dtr    = crypt_dtr, | 	.dtr    = crypt_dtr, | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue
	
	 Andi Kleen
				Andi Kleen