diff options
| -rw-r--r-- | drivers/md/dm-crypt.c | 180 |
1 files changed, 93 insertions, 87 deletions
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index a8aab9cf26b9..139bbe2254cd 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c | |||
| @@ -999,6 +999,45 @@ static int crypt_wipe_key(struct crypt_config *cc) | |||
| 999 | return crypto_ablkcipher_setkey(cc->tfm, cc->key, cc->key_size); | 999 | return crypto_ablkcipher_setkey(cc->tfm, cc->key, cc->key_size); |
| 1000 | } | 1000 | } |
| 1001 | 1001 | ||
| 1002 | static void crypt_dtr(struct dm_target *ti) | ||
| 1003 | { | ||
| 1004 | struct crypt_config *cc = ti->private; | ||
| 1005 | |||
| 1006 | ti->private = NULL; | ||
| 1007 | |||
| 1008 | if (!cc) | ||
| 1009 | return; | ||
| 1010 | |||
| 1011 | if (cc->io_queue) | ||
| 1012 | destroy_workqueue(cc->io_queue); | ||
| 1013 | if (cc->crypt_queue) | ||
| 1014 | destroy_workqueue(cc->crypt_queue); | ||
| 1015 | |||
| 1016 | if (cc->bs) | ||
| 1017 | bioset_free(cc->bs); | ||
| 1018 | |||
| 1019 | if (cc->page_pool) | ||
| 1020 | mempool_destroy(cc->page_pool); | ||
| 1021 | if (cc->req_pool) | ||
| 1022 | mempool_destroy(cc->req_pool); | ||
| 1023 | if (cc->io_pool) | ||
| 1024 | mempool_destroy(cc->io_pool); | ||
| 1025 | |||
| 1026 | if (cc->iv_gen_ops && cc->iv_gen_ops->dtr) | ||
| 1027 | cc->iv_gen_ops->dtr(cc); | ||
| 1028 | |||
| 1029 | if (cc->tfm && !IS_ERR(cc->tfm)) | ||
| 1030 | crypto_free_ablkcipher(cc->tfm); | ||
| 1031 | |||
| 1032 | if (cc->dev) | ||
| 1033 | dm_put_device(ti, cc->dev); | ||
| 1034 | |||
| 1035 | kfree(cc->iv_mode); | ||
| 1036 | |||
| 1037 | /* Must zero key material before freeing */ | ||
| 1038 | kzfree(cc); | ||
| 1039 | } | ||
| 1040 | |||
| 1002 | /* | 1041 | /* |
| 1003 | * Construct an encryption mapping: | 1042 | * Construct an encryption mapping: |
| 1004 | * <cipher> <key> <iv_offset> <dev_path> <start> | 1043 | * <cipher> <key> <iv_offset> <dev_path> <start> |
| @@ -1006,7 +1045,6 @@ static int crypt_wipe_key(struct crypt_config *cc) | |||
| 1006 | static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) | 1045 | static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) |
| 1007 | { | 1046 | { |
| 1008 | struct crypt_config *cc; | 1047 | struct crypt_config *cc; |
| 1009 | struct crypto_ablkcipher *tfm; | ||
| 1010 | char *tmp; | 1048 | char *tmp; |
| 1011 | char *cipher; | 1049 | char *cipher; |
| 1012 | char *chainmode; | 1050 | char *chainmode; |
| @@ -1014,6 +1052,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) | |||
| 1014 | char *ivopts; | 1052 | char *ivopts; |
| 1015 | unsigned int key_size; | 1053 | unsigned int key_size; |
| 1016 | unsigned long long tmpll; | 1054 | unsigned long long tmpll; |
| 1055 | int ret = -EINVAL; | ||
| 1017 | 1056 | ||
| 1018 | if (argc != 5) { | 1057 | if (argc != 5) { |
| 1019 | ti->error = "Not enough arguments"; | 1058 | ti->error = "Not enough arguments"; |
| @@ -1032,12 +1071,13 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) | |||
| 1032 | key_size = strlen(argv[1]) >> 1; | 1071 | key_size = strlen(argv[1]) >> 1; |
| 1033 | 1072 | ||
| 1034 | cc = kzalloc(sizeof(*cc) + key_size * sizeof(u8), GFP_KERNEL); | 1073 | cc = kzalloc(sizeof(*cc) + key_size * sizeof(u8), GFP_KERNEL); |
| 1035 | if (cc == NULL) { | 1074 | if (!cc) { |
| 1036 | ti->error = | 1075 | ti->error = "Cannot allocate transparent encryption context"; |
| 1037 | "Cannot allocate transparent encryption context"; | ||
| 1038 | return -ENOMEM; | 1076 | return -ENOMEM; |
| 1039 | } | 1077 | } |
| 1040 | 1078 | ||
| 1079 | ti->private = cc; | ||
| 1080 | |||
| 1041 | /* Compatibility mode for old dm-crypt cipher strings */ | 1081 | /* Compatibility mode for old dm-crypt cipher strings */ |
| 1042 | if (!chainmode || (strcmp(chainmode, "plain") == 0 && !ivmode)) { | 1082 | if (!chainmode || (strcmp(chainmode, "plain") == 0 && !ivmode)) { |
| 1043 | chainmode = "cbc"; | 1083 | chainmode = "cbc"; |
| @@ -1046,35 +1086,36 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) | |||
| 1046 | 1086 | ||
| 1047 | if (strcmp(chainmode, "ecb") && !ivmode) { | 1087 | if (strcmp(chainmode, "ecb") && !ivmode) { |
| 1048 | ti->error = "This chaining mode requires an IV mechanism"; | 1088 | ti->error = "This chaining mode requires an IV mechanism"; |
| 1049 | goto bad_cipher; | 1089 | goto bad; |
| 1050 | } | 1090 | } |
| 1051 | 1091 | ||
| 1092 | ret = -ENOMEM; | ||
| 1052 | if (snprintf(cc->cipher, CRYPTO_MAX_ALG_NAME, "%s(%s)", | 1093 | if (snprintf(cc->cipher, CRYPTO_MAX_ALG_NAME, "%s(%s)", |
| 1053 | chainmode, cipher) >= CRYPTO_MAX_ALG_NAME) { | 1094 | chainmode, cipher) >= CRYPTO_MAX_ALG_NAME) { |
| 1054 | ti->error = "Chain mode + cipher name is too long"; | 1095 | ti->error = "Chain mode + cipher name is too long"; |
| 1055 | goto bad_cipher; | 1096 | goto bad; |
| 1056 | } | 1097 | } |
| 1057 | 1098 | ||
| 1058 | tfm = crypto_alloc_ablkcipher(cc->cipher, 0, 0); | 1099 | cc->tfm = crypto_alloc_ablkcipher(cc->cipher, 0, 0); |
| 1059 | if (IS_ERR(tfm)) { | 1100 | if (IS_ERR(cc->tfm)) { |
| 1060 | ti->error = "Error allocating crypto tfm"; | 1101 | ti->error = "Error allocating crypto tfm"; |
| 1061 | goto bad_cipher; | 1102 | goto bad; |
| 1062 | } | 1103 | } |
| 1063 | 1104 | ||
| 1064 | strcpy(cc->cipher, cipher); | 1105 | strcpy(cc->cipher, cipher); |
| 1065 | strcpy(cc->chainmode, chainmode); | 1106 | strcpy(cc->chainmode, chainmode); |
| 1066 | cc->tfm = tfm; | ||
| 1067 | 1107 | ||
| 1068 | if (crypt_set_key(cc, argv[1]) < 0) { | 1108 | ret = crypt_set_key(cc, argv[1]); |
| 1109 | if (ret < 0) { | ||
| 1069 | ti->error = "Error decoding and setting key"; | 1110 | ti->error = "Error decoding and setting key"; |
| 1070 | goto bad_ivmode; | 1111 | goto bad; |
| 1071 | } | 1112 | } |
| 1072 | 1113 | ||
| 1073 | /* | 1114 | /* |
| 1074 | * Choose ivmode. Valid modes: "plain", "essiv:<esshash>", "benbi". | 1115 | * Choose ivmode. Valid modes: "plain", "essiv:<esshash>", "benbi". |
| 1075 | * See comments at iv code | 1116 | * See comments at iv code |
| 1076 | */ | 1117 | */ |
| 1077 | 1118 | ret = -EINVAL; | |
| 1078 | if (ivmode == NULL) | 1119 | if (ivmode == NULL) |
| 1079 | cc->iv_gen_ops = NULL; | 1120 | cc->iv_gen_ops = NULL; |
| 1080 | else if (strcmp(ivmode, "plain") == 0) | 1121 | else if (strcmp(ivmode, "plain") == 0) |
| @@ -1089,20 +1130,28 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) | |||
| 1089 | cc->iv_gen_ops = &crypt_iv_null_ops; | 1130 | cc->iv_gen_ops = &crypt_iv_null_ops; |
| 1090 | else { | 1131 | else { |
| 1091 | ti->error = "Invalid IV mode"; | 1132 | ti->error = "Invalid IV mode"; |
| 1092 | goto bad_ivmode; | 1133 | goto bad; |
| 1093 | } | 1134 | } |
| 1094 | 1135 | ||
| 1095 | if (cc->iv_gen_ops && cc->iv_gen_ops->ctr && | 1136 | /* Allocate IV */ |
| 1096 | cc->iv_gen_ops->ctr(cc, ti, ivopts) < 0) | 1137 | if (cc->iv_gen_ops && cc->iv_gen_ops->ctr) { |
| 1097 | goto bad_ivmode; | 1138 | ret = cc->iv_gen_ops->ctr(cc, ti, ivopts); |
| 1139 | if (ret < 0) { | ||
| 1140 | ti->error = "Error creating IV"; | ||
| 1141 | goto bad; | ||
| 1142 | } | ||
| 1143 | } | ||
| 1098 | 1144 | ||
| 1099 | if (cc->iv_gen_ops && cc->iv_gen_ops->init && | 1145 | /* Initialize IV (set keys for ESSIV etc) */ |
| 1100 | cc->iv_gen_ops->init(cc) < 0) { | 1146 | if (cc->iv_gen_ops && cc->iv_gen_ops->init) { |
| 1101 | ti->error = "Error initialising IV"; | 1147 | ret = cc->iv_gen_ops->init(cc); |
| 1102 | goto bad_slab_pool; | 1148 | if (ret < 0) { |
| 1149 | ti->error = "Error initialising IV"; | ||
| 1150 | goto bad; | ||
| 1151 | } | ||
| 1103 | } | 1152 | } |
| 1104 | 1153 | ||
| 1105 | cc->iv_size = crypto_ablkcipher_ivsize(tfm); | 1154 | cc->iv_size = crypto_ablkcipher_ivsize(cc->tfm); |
| 1106 | if (cc->iv_size) | 1155 | if (cc->iv_size) |
| 1107 | /* at least a 64 bit sector number should fit in our buffer */ | 1156 | /* at least a 64 bit sector number should fit in our buffer */ |
| 1108 | cc->iv_size = max(cc->iv_size, | 1157 | cc->iv_size = max(cc->iv_size, |
| @@ -1116,62 +1165,65 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) | |||
| 1116 | } | 1165 | } |
| 1117 | } | 1166 | } |
| 1118 | 1167 | ||
| 1168 | ret = -ENOMEM; | ||
| 1119 | cc->io_pool = mempool_create_slab_pool(MIN_IOS, _crypt_io_pool); | 1169 | cc->io_pool = mempool_create_slab_pool(MIN_IOS, _crypt_io_pool); |
| 1120 | if (!cc->io_pool) { | 1170 | if (!cc->io_pool) { |
| 1121 | ti->error = "Cannot allocate crypt io mempool"; | 1171 | ti->error = "Cannot allocate crypt io mempool"; |
| 1122 | goto bad_slab_pool; | 1172 | goto bad; |
| 1123 | } | 1173 | } |
| 1124 | 1174 | ||
