1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright (C) 2018 Intel Corporation. 3 * All rights reserved. 4 * Copyright (c) 2022, NVIDIA CORPORATION & AFFILIATES. 5 * All rights reserved. 6 */ 7 8 #include "vbdev_crypto.h" 9 10 #include "spdk_internal/assert.h" 11 #include "spdk/thread.h" 12 #include "spdk/bdev_module.h" 13 #include "spdk/likely.h" 14 15 /* Limit the max IO size by some reasonable value. Since in write operation we use aux buffer, 16 * let's set the limit to the bdev bounce aux buffer size */ 17 #define CRYPTO_MAX_IO SPDK_BDEV_LARGE_BUF_MAX_SIZE 18 19 struct bdev_names { 20 struct vbdev_crypto_opts *opts; 21 TAILQ_ENTRY(bdev_names) link; 22 }; 23 24 /* List of crypto_bdev names and their base bdevs via configuration file. */ 25 static TAILQ_HEAD(, bdev_names) g_bdev_names = TAILQ_HEAD_INITIALIZER(g_bdev_names); 26 27 struct vbdev_crypto { 28 struct spdk_bdev *base_bdev; /* the thing we're attaching to */ 29 struct spdk_bdev_desc *base_desc; /* its descriptor we get from open */ 30 struct spdk_bdev crypto_bdev; /* the crypto virtual bdev */ 31 struct vbdev_crypto_opts *opts; /* crypto options such as names and DEK */ 32 TAILQ_ENTRY(vbdev_crypto) link; 33 struct spdk_thread *thread; /* thread where base device is opened */ 34 }; 35 36 /* List of virtual bdevs and associated info for each. We keep the device friendly name here even 37 * though its also in the device struct because we use it early on. 38 */ 39 static TAILQ_HEAD(, vbdev_crypto) g_vbdev_crypto = TAILQ_HEAD_INITIALIZER(g_vbdev_crypto); 40 41 /* The crypto vbdev channel struct. It is allocated and freed on my behalf by the io channel code. 42 * We store things in here that are needed on per thread basis like the base_channel for this thread. 43 */ 44 struct crypto_io_channel { 45 struct spdk_io_channel *base_ch; /* IO channel of base device */ 46 struct spdk_io_channel *accel_channel; /* Accel engine channel used for crypto ops */ 47 struct spdk_accel_crypto_key *crypto_key; 48 TAILQ_HEAD(, spdk_bdev_io) in_accel_fw; /* request submitted to accel fw */ 49 struct spdk_io_channel_iter *reset_iter; /* used with for_each_channel in reset */ 50 }; 51 52 enum crypto_io_resubmit_state { 53 CRYPTO_IO_NEW, /* Resubmit IO from the scratch */ 54 CRYPTO_IO_READ_DONE, /* Need to decrypt */ 55 CRYPTO_IO_ENCRYPT_DONE, /* Need to write */ 56 }; 57 58 /* This is the crypto per IO context that the bdev layer allocates for us opaquely and attaches to 59 * each IO for us. 60 */ 61 struct crypto_bdev_io { 62 struct crypto_io_channel *crypto_ch; /* need to store for crypto completion handling */ 63 struct vbdev_crypto *crypto_bdev; /* the crypto node struct associated with this IO */ 64 struct spdk_bdev_io *read_io; /* the read IO we issued */ 65 /* Used for the single contiguous buffer that serves as the crypto destination target for writes */ 66 uint64_t aux_num_blocks; /* num of blocks for the contiguous buffer */ 67 uint64_t aux_offset_blocks; /* block offset on media */ 68 void *aux_buf_raw; /* raw buffer that the bdev layer gave us for write buffer */ 69 struct iovec aux_buf_iov; /* iov representing aligned contig write buffer */ 70 71 /* for bdev_io_wait */ 72 struct spdk_bdev_io_wait_entry bdev_io_wait; 73 enum crypto_io_resubmit_state resubmit_state; 74 }; 75 76 static void vbdev_crypto_queue_io(struct spdk_bdev_io *bdev_io, 77 enum crypto_io_resubmit_state state); 78 static void _complete_internal_io(struct spdk_bdev_io *bdev_io, bool success, void *cb_arg); 79 static void _complete_internal_read(struct spdk_bdev_io *bdev_io, bool success, void *cb_arg); 80 static void _complete_internal_write(struct spdk_bdev_io *bdev_io, bool success, void *cb_arg); 81 static void vbdev_crypto_examine(struct spdk_bdev *bdev); 82 static int vbdev_crypto_claim(const char *bdev_name); 83 static void vbdev_crypto_submit_request(struct spdk_io_channel *ch, struct spdk_bdev_io *bdev_io); 84 85 /* Following an encrypt or decrypt we need to then either write the encrypted data or finish 86 * the read on decrypted data. Do that here. 87 */ 88 static void 89 _crypto_operation_complete(void *ref, int status) 90 { 91 struct spdk_bdev_io *bdev_io = ref; 92 struct vbdev_crypto *crypto_bdev = SPDK_CONTAINEROF(bdev_io->bdev, struct vbdev_crypto, 93 crypto_bdev); 94 struct crypto_bdev_io *crypto_io = (struct crypto_bdev_io *)bdev_io->driver_ctx; 95 struct crypto_io_channel *crypto_ch = crypto_io->crypto_ch; 96 struct spdk_bdev_io *free_me = crypto_io->read_io; 97 int rc = 0; 98 99 if (status || crypto_ch->reset_iter) { 100 /* If we're completing this with an outstanding reset we need to fail it */ 101 rc = -EINVAL; 102 } 103 104 TAILQ_REMOVE(&crypto_ch->in_accel_fw, bdev_io, module_link); 105 106 if (bdev_io->type == SPDK_BDEV_IO_TYPE_READ) { 107 /* Complete the original IO and then free the one that we created 108 * as a result of issuing an IO via submit_request. 109 */ 110 if (!rc) { 111 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_SUCCESS); 112 } else { 113 SPDK_ERRLOG("Issue with decryption on bdev_io %p\n", bdev_io); 114 } 115 spdk_bdev_free_io(free_me); 116 117 } else if (bdev_io->type == SPDK_BDEV_IO_TYPE_WRITE) { 118 if (!rc) { 119 /* Write the encrypted data. */ 120 rc = spdk_bdev_writev_blocks(crypto_bdev->base_desc, crypto_ch->base_ch, 121 &crypto_io->aux_buf_iov, 1, crypto_io->aux_offset_blocks, 122 crypto_io->aux_num_blocks, _complete_internal_write, 123 bdev_io); 124 if (rc == -ENOMEM) { 125 vbdev_crypto_queue_io(bdev_io, CRYPTO_IO_ENCRYPT_DONE); 126 goto check_reset; 127 } 128 } else { 129 SPDK_ERRLOG("Issue with encryption on bdev_io %p\n", bdev_io); 130 } 131 } else { 132 SPDK_ERRLOG("Unknown bdev type %u on crypto operation completion\n", bdev_io->type); 133 rc = -EINVAL; 134 } 135 136 if (rc) { 137 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 138 } 139 140 check_reset: 141 /* If the channel iter is not NULL, we need to wait 142 * until the pending list is empty, then we can move on to the 143 * next channel. 144 */ 145 if (crypto_ch->reset_iter && TAILQ_EMPTY(&crypto_ch->in_accel_fw)) { 146 SPDK_NOTICELOG("Channel %p has been quiesced.\n", crypto_ch); 147 spdk_for_each_channel_continue(crypto_ch->reset_iter, 0); 148 crypto_ch->reset_iter = NULL; 149 } 150 } 151 152 /* We're either encrypting on the way down or decrypting on the way back. */ 153 static int 154 _crypto_operation(struct spdk_bdev_io *bdev_io, bool encrypt, void *aux_buf) 155 { 156 struct crypto_bdev_io *crypto_io = (struct crypto_bdev_io *)bdev_io->driver_ctx; 157 struct crypto_io_channel *crypto_ch = crypto_io->crypto_ch; 158 uint32_t crypto_len = crypto_io->crypto_bdev->crypto_bdev.blocklen; 159 uint64_t total_length; 160 uint64_t alignment; 161 int rc; 162 163 /* For encryption, we need to prepare a single contiguous buffer as the encryption 164 * destination, we'll then pass that along for the write after encryption is done. 165 * This is done to avoiding encrypting the provided write buffer which may be 166 * undesirable in some use cases. 167 */ 168 if (encrypt) { 169 total_length = bdev_io->u.bdev.num_blocks * crypto_len; 170 alignment = spdk_bdev_get_buf_align(&crypto_io->crypto_bdev->crypto_bdev); 171 crypto_io->aux_buf_iov.iov_len = total_length; 172 crypto_io->aux_buf_raw = aux_buf; 173 crypto_io->aux_buf_iov.iov_base = (void *)(((uintptr_t)aux_buf + (alignment - 1)) & ~ 174 (alignment - 1)); 175 crypto_io->aux_offset_blocks = bdev_io->u.bdev.offset_blocks; 176 crypto_io->aux_num_blocks = bdev_io->u.bdev.num_blocks; 177 178 rc = spdk_accel_submit_encrypt(crypto_ch->accel_channel, crypto_ch->crypto_key, 179 &crypto_io->aux_buf_iov, 1, 180 bdev_io->u.bdev.iovs, bdev_io->u.bdev.iovcnt, 181 bdev_io->u.bdev.offset_blocks, crypto_len, 0, 182 _crypto_operation_complete, bdev_io); 183 } else { 184 rc = spdk_accel_submit_decrypt(crypto_ch->accel_channel, crypto_ch->crypto_key, 185 bdev_io->u.bdev.iovs, bdev_io->u.bdev.iovcnt, bdev_io->u.bdev.iovs, 186 bdev_io->u.bdev.iovcnt, bdev_io->u.bdev.offset_blocks, 187 crypto_len, 0, 188 _crypto_operation_complete, bdev_io); 189 } 190 191 if (!rc) { 192 TAILQ_INSERT_TAIL(&crypto_ch->in_accel_fw, bdev_io, module_link); 193 } 194 195 return rc; 196 } 197 198 /* This function is called after all channels have been quiesced following 199 * a bdev reset. 200 */ 201 static void 202 _ch_quiesce_done(struct spdk_io_channel_iter *i, int status) 203 { 204 struct crypto_bdev_io *crypto_io = spdk_io_channel_iter_get_ctx(i); 205 struct spdk_bdev_io *bdev_io = spdk_bdev_io_from_ctx(crypto_io); 206 207 assert(TAILQ_EMPTY(&crypto_io->crypto_ch->in_accel_fw)); 208 209 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_SUCCESS); 210 } 211 212 static void 213 _ch_quiesce(struct spdk_io_channel_iter *i) 214 { 215 struct spdk_io_channel *ch = spdk_io_channel_iter_get_channel(i); 216 struct crypto_io_channel *crypto_ch = spdk_io_channel_get_ctx(ch); 217 218 if (TAILQ_EMPTY(&crypto_ch->in_accel_fw)) { 219 spdk_for_each_channel_continue(i, 0); 220 } else { 221 /* In accel completion callback we will see the non-NULL iter and handle the quiesce */ 222 crypto_ch->reset_iter = i; 223 } 224 } 225 226 /* Completion callback for IO that were issued from this bdev other than read/write. 227 * They have their own for readability. 228 */ 229 static void 230 _complete_internal_io(struct spdk_bdev_io *bdev_io, bool success, void *cb_arg) 231 { 232 struct spdk_bdev_io *orig_io = cb_arg; 233 int status = success ? SPDK_BDEV_IO_STATUS_SUCCESS : SPDK_BDEV_IO_STATUS_FAILED; 234 235 if (bdev_io->type == SPDK_BDEV_IO_TYPE_RESET) { 236 struct crypto_bdev_io *orig_ctx = (struct crypto_bdev_io *)orig_io->driver_ctx; 237 238 spdk_bdev_free_io(bdev_io); 239 240 spdk_for_each_channel(orig_ctx->crypto_bdev, 241 _ch_quiesce, 242 orig_ctx, 243 _ch_quiesce_done); 244 return; 245 } 246 247 spdk_bdev_io_complete(orig_io, status); 248 spdk_bdev_free_io(bdev_io); 249 } 250 251 /* Completion callback for writes that were issued from this bdev. */ 252 static void 253 _complete_internal_write(struct spdk_bdev_io *bdev_io, bool success, void *cb_arg) 254 { 255 struct spdk_bdev_io *orig_io = cb_arg; 256 int status = success ? SPDK_BDEV_IO_STATUS_SUCCESS : SPDK_BDEV_IO_STATUS_FAILED; 257 struct crypto_bdev_io *orig_ctx = (struct crypto_bdev_io *)orig_io->driver_ctx; 258 259 spdk_bdev_io_put_aux_buf(orig_io, orig_ctx->aux_buf_raw); 260 261 spdk_bdev_io_complete(orig_io, status); 262 spdk_bdev_free_io(bdev_io); 263 } 264 265 /* Completion callback for reads that were issued from this bdev. */ 266 static void 267 _complete_internal_read(struct spdk_bdev_io *bdev_io, bool success, void *cb_arg) 268 { 269 struct spdk_bdev_io *orig_io = cb_arg; 270 struct crypto_bdev_io *orig_ctx = (struct crypto_bdev_io *)orig_io->driver_ctx; 271 int rc; 272 273 if (success) { 274 /* Save off this bdev_io so it can be freed after decryption. */ 275 orig_ctx->read_io = bdev_io; 276 rc = _crypto_operation(orig_io, false, NULL); 277 if (!rc) { 278 return; 279 } else { 280 if (rc == -ENOMEM) { 281 SPDK_DEBUGLOG(vbdev_crypto, "No memory, queue the IO.\n"); 282 /* We will repeat crypto operation later */ 283 vbdev_crypto_queue_io(orig_io, CRYPTO_IO_READ_DONE); 284 return; 285 } else { 286 SPDK_ERRLOG("Failed to decrypt, rc %d\n", rc); 287 } 288 } 289 } else { 290 SPDK_ERRLOG("Failed to read prior to decrypting!\n"); 291 } 292 293 spdk_bdev_io_complete(orig_io, SPDK_BDEV_IO_STATUS_FAILED); 294 spdk_bdev_free_io(bdev_io); 295 } 296 297 static void 298 vbdev_crypto_resubmit_io(void *arg) 299 { 300 struct spdk_bdev_io *bdev_io = (struct spdk_bdev_io *)arg; 301 struct crypto_bdev_io *crypto_io = (struct crypto_bdev_io *)bdev_io->driver_ctx; 302 struct spdk_io_channel *ch; 303 304 switch (crypto_io->resubmit_state) { 305 case CRYPTO_IO_NEW: 306 assert(crypto_io->crypto_ch); 307 ch = spdk_io_channel_from_ctx(crypto_io->crypto_ch); 308 vbdev_crypto_submit_request(ch, bdev_io); 309 break; 310 case CRYPTO_IO_ENCRYPT_DONE: 311 _crypto_operation_complete(bdev_io, 0); 312 break; 313 case CRYPTO_IO_READ_DONE: 314 _complete_internal_read(crypto_io->read_io, true, bdev_io); 315 break; 316 default: 317 SPDK_UNREACHABLE(); 318 } 319 } 320 321 static void 322 vbdev_crypto_queue_io(struct spdk_bdev_io *bdev_io, enum crypto_io_resubmit_state state) 323 { 324 struct crypto_bdev_io *crypto_io = (struct crypto_bdev_io *)bdev_io->driver_ctx; 325 int rc; 326 327 crypto_io->bdev_io_wait.bdev = bdev_io->bdev; 328 crypto_io->bdev_io_wait.cb_fn = vbdev_crypto_resubmit_io; 329 crypto_io->bdev_io_wait.cb_arg = bdev_io; 330 crypto_io->resubmit_state = state; 331 332 rc = spdk_bdev_queue_io_wait(bdev_io->bdev, crypto_io->crypto_ch->base_ch, 333 &crypto_io->bdev_io_wait); 334 if (rc != 0) { 335 SPDK_ERRLOG("Queue io failed in vbdev_crypto_queue_io, rc=%d.\n", rc); 336 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 337 } 338 } 339 340 /* Callback for getting a buf from the bdev pool in the event that the caller passed 341 * in NULL, we need to own the buffer so it doesn't get freed by another vbdev module 342 * beneath us before we're done with it. 343 */ 344 static void 345 crypto_read_get_buf_cb(struct spdk_io_channel *ch, struct spdk_bdev_io *bdev_io, 346 bool success) 347 { 348 struct vbdev_crypto *crypto_bdev = SPDK_CONTAINEROF(bdev_io->bdev, struct vbdev_crypto, 349 crypto_bdev); 350 struct crypto_io_channel *crypto_ch = spdk_io_channel_get_ctx(ch); 351 int rc; 352 353 if (!success) { 354 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 355 return; 356 } 357 358 rc = spdk_bdev_readv_blocks(crypto_bdev->base_desc, crypto_ch->base_ch, bdev_io->u.bdev.iovs, 359 bdev_io->u.bdev.iovcnt, bdev_io->u.bdev.offset_blocks, 360 bdev_io->u.bdev.num_blocks, _complete_internal_read, 361 bdev_io); 362 if (rc != 0) { 363 if (rc == -ENOMEM) { 364 SPDK_DEBUGLOG(vbdev_crypto, "No memory, queue the IO.\n"); 365 vbdev_crypto_queue_io(bdev_io, CRYPTO_IO_NEW); 366 } else { 367 SPDK_ERRLOG("Failed to submit bdev_io!\n"); 368 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 369 } 370 } 371 } 372 373 /* For encryption we don't want to encrypt the data in place as the host isn't 374 * expecting us to mangle its data buffers so we need to encrypt into the bdev 375 * aux buffer, then we can use that as the source for the disk data transfer. 376 */ 377 static void 378 crypto_write_get_buf_cb(struct spdk_io_channel *ch, struct spdk_bdev_io *bdev_io, 379 void *aux_buf) 380 { 381 int rc; 382 383 if (spdk_unlikely(!aux_buf)) { 384 SPDK_ERRLOG("Failed to get aux buffer!\n"); 385 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 386 return; 387 } 388 rc = _crypto_operation(bdev_io, true, aux_buf); 389 if (rc != 0) { 390 spdk_bdev_io_put_aux_buf(bdev_io, aux_buf); 391 if (rc == -ENOMEM) { 392 SPDK_DEBUGLOG(vbdev_crypto, "No memory, queue the IO.\n"); 393 vbdev_crypto_queue_io(bdev_io, CRYPTO_IO_NEW); 394 } else { 395 SPDK_ERRLOG("Failed to submit crypto operation!\n"); 396 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 397 } 398 } 399 } 400 401 /* Called when someone submits IO to this crypto vbdev. For IO's not relevant to crypto, 402 * we're simply passing it on here via SPDK IO calls which in turn allocate another bdev IO 403 * and call our cpl callback provided below along with the original bdev_io so that we can 404 * complete it once this IO completes. For crypto operations, we'll either encrypt it first 405 * (writes) then call back into bdev to submit it or we'll submit a read and then catch it 406 * on the way back for decryption. 407 */ 408 static void 409 vbdev_crypto_submit_request(struct spdk_io_channel *ch, struct spdk_bdev_io *bdev_io) 410 { 411 struct vbdev_crypto *crypto_bdev = SPDK_CONTAINEROF(bdev_io->bdev, struct vbdev_crypto, 412 crypto_bdev); 413 struct crypto_io_channel *crypto_ch = spdk_io_channel_get_ctx(ch); 414 struct crypto_bdev_io *crypto_io = (struct crypto_bdev_io *)bdev_io->driver_ctx; 415 int rc = 0; 416 417 memset(crypto_io, 0, sizeof(struct crypto_bdev_io)); 418 crypto_io->crypto_bdev = crypto_bdev; 419 crypto_io->crypto_ch = crypto_ch; 420 421 switch (bdev_io->type) { 422 case SPDK_BDEV_IO_TYPE_READ: 423 spdk_bdev_io_get_buf(bdev_io, crypto_read_get_buf_cb, 424 bdev_io->u.bdev.num_blocks * bdev_io->bdev->blocklen); 425 break; 426 case SPDK_BDEV_IO_TYPE_WRITE: 427 /* Tell the bdev layer that we need an aux buf in addition to the data 428 * buf already associated with the bdev. 429 */ 430 spdk_bdev_io_get_aux_buf(bdev_io, crypto_write_get_buf_cb); 431 break; 432 case SPDK_BDEV_IO_TYPE_UNMAP: 433 rc = spdk_bdev_unmap_blocks(crypto_bdev->base_desc, crypto_ch->base_ch, 434 bdev_io->u.bdev.offset_blocks, 435 bdev_io->u.bdev.num_blocks, 436 _complete_internal_io, bdev_io); 437 break; 438 case SPDK_BDEV_IO_TYPE_FLUSH: 439 rc = spdk_bdev_flush_blocks(crypto_bdev->base_desc, crypto_ch->base_ch, 440 bdev_io->u.bdev.offset_blocks, 441 bdev_io->u.bdev.num_blocks, 442 _complete_internal_io, bdev_io); 443 break; 444 case SPDK_BDEV_IO_TYPE_RESET: 445 rc = spdk_bdev_reset(crypto_bdev->base_desc, crypto_ch->base_ch, 446 _complete_internal_io, bdev_io); 447 break; 448 case SPDK_BDEV_IO_TYPE_WRITE_ZEROES: 449 default: 450 SPDK_ERRLOG("crypto: unknown I/O type %d\n", bdev_io->type); 451 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 452 return; 453 } 454 455 if (rc != 0) { 456 if (rc == -ENOMEM) { 457 SPDK_DEBUGLOG(vbdev_crypto, "No memory, queue the IO.\n"); 458 vbdev_crypto_queue_io(bdev_io, CRYPTO_IO_NEW); 459 } else { 460 SPDK_ERRLOG("Failed to submit bdev_io!\n"); 461 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 462 } 463 } 464 } 465 466 /* We'll just call the base bdev and let it answer except for WZ command which 467 * we always say we don't support so that the bdev layer will actually send us 468 * real writes that we can encrypt. 469 */ 470 static bool 471 vbdev_crypto_io_type_supported(void *ctx, enum spdk_bdev_io_type io_type) 472 { 473 struct vbdev_crypto *crypto_bdev = (struct vbdev_crypto *)ctx; 474 475 switch (io_type) { 476 case SPDK_BDEV_IO_TYPE_WRITE: 477 case SPDK_BDEV_IO_TYPE_UNMAP: 478 case SPDK_BDEV_IO_TYPE_RESET: 479 case SPDK_BDEV_IO_TYPE_READ: 480 case SPDK_BDEV_IO_TYPE_FLUSH: 481 return spdk_bdev_io_type_supported(crypto_bdev->base_bdev, io_type); 482 case SPDK_BDEV_IO_TYPE_WRITE_ZEROES: 483 /* Force the bdev layer to issue actual writes of zeroes so we can 484 * encrypt them as regular writes. 485 */ 486 default: 487 return false; 488 } 489 } 490 491 /* Callback for unregistering the IO device. */ 492 static void 493 _device_unregister_cb(void *io_device) 494 { 495 struct vbdev_crypto *crypto_bdev = io_device; 496 497 /* Done with this crypto_bdev. */ 498 crypto_bdev->opts = NULL; 499 500 spdk_bdev_destruct_done(&crypto_bdev->crypto_bdev, 0); 501 free(crypto_bdev->crypto_bdev.name); 502 free(crypto_bdev); 503 } 504 505 /* Wrapper for the bdev close operation. */ 506 static void 507 _vbdev_crypto_destruct(void *ctx) 508 { 509 struct spdk_bdev_desc *desc = ctx; 510 511 spdk_bdev_close(desc); 512 } 513 514 /* Called after we've unregistered following a hot remove callback. 515 * Our finish entry point will be called next. 516 */ 517 static int 518 vbdev_crypto_destruct(void *ctx) 519 { 520 struct vbdev_crypto *crypto_bdev = (struct vbdev_crypto *)ctx; 521 522 /* Remove this device from the internal list */ 523 TAILQ_REMOVE(&g_vbdev_crypto, crypto_bdev, link); 524 525 /* Unclaim the underlying bdev. */ 526 spdk_bdev_module_release_bdev(crypto_bdev->base_bdev); 527 528 /* Close the underlying bdev on its same opened thread. */ 529 if (crypto_bdev->thread && crypto_bdev->thread != spdk_get_thread()) { 530 spdk_thread_send_msg(crypto_bdev->thread, _vbdev_crypto_destruct, crypto_bdev->base_desc); 531 } else { 532 spdk_bdev_close(crypto_bdev->base_desc); 533 } 534 535 /* Unregister the io_device. */ 536 spdk_io_device_unregister(crypto_bdev, _device_unregister_cb); 537 538 return 1; 539 } 540 541 /* We supplied this as an entry point for upper layers who want to communicate to this 542 * bdev. This is how they get a channel. We are passed the same context we provided when 543 * we created our crypto vbdev in examine() which, for this bdev, is the address of one of 544 * our context nodes. From here we'll ask the SPDK channel code to fill out our channel 545 * struct and we'll keep it in our crypto node. 546 */ 547 static struct spdk_io_channel * 548 vbdev_crypto_get_io_channel(void *ctx) 549 { 550 struct vbdev_crypto *crypto_bdev = (struct vbdev_crypto *)ctx; 551 552 /* The IO channel code will allocate a channel for us which consists of 553 * the SPDK channel structure plus the size of our crypto_io_channel struct 554 * that we passed in when we registered our IO device. It will then call 555 * our channel create callback to populate any elements that we need to 556 * update. 557 */ 558 return spdk_get_io_channel(crypto_bdev); 559 } 560 561 /* This is the output for bdev_get_bdevs() for this vbdev */ 562 static int 563 vbdev_crypto_dump_info_json(void *ctx, struct spdk_json_write_ctx *w) 564 { 565 struct vbdev_crypto *crypto_bdev = (struct vbdev_crypto *)ctx; 566 567 spdk_json_write_name(w, "crypto"); 568 spdk_json_write_object_begin(w); 569 spdk_json_write_named_string(w, "base_bdev_name", spdk_bdev_get_name(crypto_bdev->base_bdev)); 570 spdk_json_write_named_string(w, "name", spdk_bdev_get_name(&crypto_bdev->crypto_bdev)); 571 spdk_json_write_named_string(w, "key_name", crypto_bdev->opts->key->param.key_name); 572 spdk_json_write_object_end(w); 573 574 return 0; 575 } 576 577 static int 578 vbdev_crypto_config_json(struct spdk_json_write_ctx *w) 579 { 580 struct vbdev_crypto *crypto_bdev; 581 582 TAILQ_FOREACH(crypto_bdev, &g_vbdev_crypto, link) { 583 spdk_json_write_object_begin(w); 584 spdk_json_write_named_string(w, "method", "bdev_crypto_create"); 585 spdk_json_write_named_object_begin(w, "params"); 586 spdk_json_write_named_string(w, "base_bdev_name", spdk_bdev_get_name(crypto_bdev->base_bdev)); 587 spdk_json_write_named_string(w, "name", spdk_bdev_get_name(&crypto_bdev->crypto_bdev)); 588 spdk_json_write_named_string(w, "key_name", crypto_bdev->opts->key->param.key_name); 589 spdk_json_write_object_end(w); 590 spdk_json_write_object_end(w); 591 } 592 return 0; 593 } 594 595 /* We provide this callback for the SPDK channel code to create a channel using 596 * the channel struct we provided in our module get_io_channel() entry point. Here 597 * we get and save off an underlying base channel of the device below us so that 598 * we can communicate with the base bdev on a per channel basis. We also register the 599 * poller used to complete crypto operations from the device. 600 */ 601 static int 602 crypto_bdev_ch_create_cb(void *io_device, void *ctx_buf) 603 { 604 struct crypto_io_channel *crypto_ch = ctx_buf; 605 struct vbdev_crypto *crypto_bdev = io_device; 606 607 crypto_ch->base_ch = spdk_bdev_get_io_channel(crypto_bdev->base_desc); 608 crypto_ch->accel_channel = spdk_accel_get_io_channel(); 609 crypto_ch->crypto_key = crypto_bdev->opts->key; 610 611 /* We use this queue to track outstanding IO in our layer. */ 612 TAILQ_INIT(&crypto_ch->in_accel_fw); 613 614 return 0; 615 } 616 617 /* We provide this callback for the SPDK channel code to destroy a channel 618 * created with our create callback. We just need to undo anything we did 619 * when we created. 620 */ 621 static void 622 crypto_bdev_ch_destroy_cb(void *io_device, void *ctx_buf) 623 { 624 struct crypto_io_channel *crypto_ch = ctx_buf; 625 626 spdk_put_io_channel(crypto_ch->base_ch); 627 spdk_put_io_channel(crypto_ch->accel_channel); 628 } 629 630 /* Create the association from the bdev and vbdev name and insert 631 * on the global list. */ 632 static int 633 vbdev_crypto_insert_name(struct vbdev_crypto_opts *opts, struct bdev_names **out) 634 { 635 struct bdev_names *name; 636 637 assert(opts); 638 assert(out); 639 640 TAILQ_FOREACH(name, &g_bdev_names, link) { 641 if (strcmp(opts->vbdev_name, name->opts->vbdev_name) == 0) { 642 SPDK_ERRLOG("Crypto bdev %s already exists\n", opts->vbdev_name); 643 return -EEXIST; 644 } 645 } 646 647 name = calloc(1, sizeof(struct bdev_names)); 648 if (!name) { 649 SPDK_ERRLOG("Failed to allocate memory for bdev_names.\n"); 650 return -ENOMEM; 651 } 652 653 name->opts = opts; 654 TAILQ_INSERT_TAIL(&g_bdev_names, name, link); 655 *out = name; 656 657 return 0; 658 } 659 660 void 661 free_crypto_opts(struct vbdev_crypto_opts *opts) 662 { 663 free(opts->bdev_name); 664 free(opts->vbdev_name); 665 free(opts); 666 } 667 668 static void 669 vbdev_crypto_delete_name(struct bdev_names *name) 670 { 671 TAILQ_REMOVE(&g_bdev_names, name, link); 672 if (name->opts) { 673 if (name->opts->key_owner && name->opts->key) { 674 spdk_accel_crypto_key_destroy(name->opts->key); 675 } 676 free_crypto_opts(name->opts); 677 name->opts = NULL; 678 } 679 free(name); 680 } 681 682 /* RPC entry point for crypto creation. */ 683 int 684 create_crypto_disk(struct vbdev_crypto_opts *opts) 685 { 686 struct bdev_names *name = NULL; 687 int rc; 688 689 rc = vbdev_crypto_insert_name(opts, &name); 690 if (rc) { 691 return rc; 692 } 693 694 rc = vbdev_crypto_claim(opts->bdev_name); 695 if (rc == -ENODEV) { 696 SPDK_NOTICELOG("vbdev creation deferred pending base bdev arrival\n"); 697 rc = 0; 698 } 699 700 if (rc) { 701 assert(name != NULL); 702 /* In case of error we let the caller function to deallocate @opts 703 * since it is its responsibility. Setting name->opts = NULL let's 704 * vbdev_crypto_delete_name() know it does not have to do anything 705 * about @opts. 706 */ 707 name->opts = NULL; 708 vbdev_crypto_delete_name(name); 709 } 710 return rc; 711 } 712 713 /* Called at driver init time, parses config file to prepare for examine calls, 714 * also fully initializes the crypto drivers. 715 */ 716 static int 717 vbdev_crypto_init(void) 718 { 719 return 0; 720 } 721 722 /* Called when the entire module is being torn down. */ 723 static void 724 vbdev_crypto_finish(void) 725 { 726 struct bdev_names *name; 727 728 while ((name = TAILQ_FIRST(&g_bdev_names))) { 729 vbdev_crypto_delete_name(name); 730 } 731 } 732 733 /* During init we'll be asked how much memory we'd like passed to us 734 * in bev_io structures as context. Here's where we specify how 735 * much context we want per IO. 736 */ 737 static int 738 vbdev_crypto_get_ctx_size(void) 739 { 740 return sizeof(struct crypto_bdev_io); 741 } 742 743 static void 744 vbdev_crypto_base_bdev_hotremove_cb(struct spdk_bdev *bdev_find) 745 { 746 struct vbdev_crypto *crypto_bdev, *tmp; 747 748 TAILQ_FOREACH_SAFE(crypto_bdev, &g_vbdev_crypto, link, tmp) { 749 if (bdev_find == crypto_bdev->base_bdev) { 750 spdk_bdev_unregister(&crypto_bdev->crypto_bdev, NULL, NULL); 751 } 752 } 753 } 754 755 /* Called when the underlying base bdev triggers asynchronous event such as bdev removal. */ 756 static void 757 vbdev_crypto_base_bdev_event_cb(enum spdk_bdev_event_type type, struct spdk_bdev *bdev, 758 void *event_ctx) 759 { 760 switch (type) { 761 case SPDK_BDEV_EVENT_REMOVE: 762 vbdev_crypto_base_bdev_hotremove_cb(bdev); 763 break; 764 default: 765 SPDK_NOTICELOG("Unsupported bdev event: type %d\n", type); 766 break; 767 } 768 } 769 770 /* When we register our bdev this is how we specify our entry points. */ 771 static const struct spdk_bdev_fn_table vbdev_crypto_fn_table = { 772 .destruct = vbdev_crypto_destruct, 773 .submit_request = vbdev_crypto_submit_request, 774 .io_type_supported = vbdev_crypto_io_type_supported, 775 .get_io_channel = vbdev_crypto_get_io_channel, 776 .dump_info_json = vbdev_crypto_dump_info_json, 777 }; 778 779 static struct spdk_bdev_module crypto_if = { 780 .name = "crypto", 781 .module_init = vbdev_crypto_init, 782 .get_ctx_size = vbdev_crypto_get_ctx_size, 783 .examine_config = vbdev_crypto_examine, 784 .module_fini = vbdev_crypto_finish, 785 .config_json = vbdev_crypto_config_json 786 }; 787 788 SPDK_BDEV_MODULE_REGISTER(crypto, &crypto_if) 789 790 static int 791 vbdev_crypto_claim(const char *bdev_name) 792 { 793 struct bdev_names *name; 794 struct vbdev_crypto *vbdev; 795 struct spdk_bdev *bdev; 796 int rc = 0; 797 798 /* Check our list of names from config versus this bdev and if 799 * there's a match, create the crypto_bdev & bdev accordingly. 800 */ 801 TAILQ_FOREACH(name, &g_bdev_names, link) { 802 if (strcmp(name->opts->bdev_name, bdev_name) != 0) { 803 continue; 804 } 805 SPDK_DEBUGLOG(vbdev_crypto, "Match on %s\n", bdev_name); 806 807 vbdev = calloc(1, sizeof(struct vbdev_crypto)); 808 if (!vbdev) { 809 SPDK_ERRLOG("Failed to allocate memory for crypto_bdev.\n"); 810 return -ENOMEM; 811 } 812 vbdev->crypto_bdev.product_name = "crypto"; 813 814 vbdev->crypto_bdev.name = strdup(name->opts->vbdev_name); 815 if (!vbdev->crypto_bdev.name) { 816 SPDK_ERRLOG("Failed to allocate memory for crypto_bdev name.\n"); 817 rc = -ENOMEM; 818 goto error_bdev_name; 819 } 820 821 rc = spdk_bdev_open_ext(bdev_name, true, vbdev_crypto_base_bdev_event_cb, 822 NULL, &vbdev->base_desc); 823 if (rc) { 824 if (rc != -ENODEV) { 825 SPDK_ERRLOG("Failed to open bdev %s: error %d\n", bdev_name, rc); 826 } 827 goto error_open; 828 } 829 830 bdev = spdk_bdev_desc_get_bdev(vbdev->base_desc); 831 vbdev->base_bdev = bdev; 832 833 vbdev->crypto_bdev.write_cache = bdev->write_cache; 834 if (bdev->optimal_io_boundary > 0) { 835 vbdev->crypto_bdev.optimal_io_boundary = 836 spdk_min((CRYPTO_MAX_IO / bdev->blocklen), bdev->optimal_io_boundary); 837 } else { 838 vbdev->crypto_bdev.optimal_io_boundary = (CRYPTO_MAX_IO / bdev->blocklen); 839 } 840 vbdev->crypto_bdev.split_on_optimal_io_boundary = true; 841 if (bdev->required_alignment > 0) { 842 vbdev->crypto_bdev.required_alignment = bdev->required_alignment; 843 } else { 844 /* Some accel modules may not support SGL input or output, if this module works with physical 845 * addresses, unaligned buffer may cross huge page boundary which leads to scattered payload. 846 * To avoid such cases, set required_alignment to the block size */ 847 vbdev->crypto_bdev.required_alignment = spdk_u32log2(bdev->blocklen); 848 } 849 vbdev->crypto_bdev.blocklen = bdev->blocklen; 850 vbdev->crypto_bdev.blockcnt = bdev->blockcnt; 851 852 /* This is the context that is passed to us when the bdev 853 * layer calls in so we'll save our crypto_bdev node here. 854 */ 855 vbdev->crypto_bdev.ctxt = vbdev; 856 vbdev->crypto_bdev.fn_table = &vbdev_crypto_fn_table; 857 vbdev->crypto_bdev.module = &crypto_if; 858 859 /* Assign crypto opts from the name. The pointer is valid up to the point 860 * the module is unloaded and all names removed from the list. */ 861 vbdev->opts = name->opts; 862 863 TAILQ_INSERT_TAIL(&g_vbdev_crypto, vbdev, link); 864 865 spdk_io_device_register(vbdev, crypto_bdev_ch_create_cb, crypto_bdev_ch_destroy_cb, 866 sizeof(struct crypto_io_channel), vbdev->crypto_bdev.name); 867 868 /* Save the thread where the base device is opened */ 869 vbdev->thread = spdk_get_thread(); 870 871 rc = spdk_bdev_module_claim_bdev(bdev, vbdev->base_desc, vbdev->crypto_bdev.module); 872 if (rc) { 873 SPDK_ERRLOG("Failed to claim bdev %s\n", spdk_bdev_get_name(bdev)); 874 goto error_claim; 875 } 876 877 rc = spdk_bdev_register(&vbdev->crypto_bdev); 878 if (rc < 0) { 879 SPDK_ERRLOG("Failed to register vbdev: error %d\n", rc); 880 rc = -EINVAL; 881 goto error_bdev_register; 882 } 883 SPDK_DEBUGLOG(vbdev_crypto, "Registered io_device and virtual bdev for: %s\n", 884 vbdev->opts->vbdev_name); 885 break; 886 } 887 888 return rc; 889 890 /* Error cleanup paths. */ 891 error_bdev_register: 892 spdk_bdev_module_release_bdev(vbdev->base_bdev); 893 error_claim: 894 TAILQ_REMOVE(&g_vbdev_crypto, vbdev, link); 895 spdk_io_device_unregister(vbdev, NULL); 896 spdk_bdev_close(vbdev->base_desc); 897 error_open: 898 free(vbdev->crypto_bdev.name); 899 error_bdev_name: 900 free(vbdev); 901 902 return rc; 903 } 904 905 struct crypto_delete_disk_ctx { 906 spdk_delete_crypto_complete cb_fn; 907 void *cb_arg; 908 char *bdev_name; 909 }; 910 911 static void 912 delete_crypto_disk_bdev_name(void *ctx, int rc) 913 { 914 struct bdev_names *name; 915 struct crypto_delete_disk_ctx *disk_ctx = ctx; 916 917 /* Remove the association (vbdev, bdev) from g_bdev_names. This is required so that the 918 * vbdev does not get re-created if the same bdev is constructed at some other time, 919 * unless the underlying bdev was hot-removed. */ 920 TAILQ_FOREACH(name, &g_bdev_names, link) { 921 if (strcmp(name->opts->vbdev_name, disk_ctx->bdev_name) == 0) { 922 vbdev_crypto_delete_name(name); 923 break; 924 } 925 } 926 927 disk_ctx->cb_fn(disk_ctx->cb_arg, rc); 928 929 free(disk_ctx->bdev_name); 930 free(disk_ctx); 931 } 932 933 /* RPC entry for deleting a crypto vbdev. */ 934 void 935 delete_crypto_disk(const char *bdev_name, spdk_delete_crypto_complete cb_fn, 936 void *cb_arg) 937 { 938 int rc; 939 struct crypto_delete_disk_ctx *ctx; 940 941 ctx = calloc(1, sizeof(struct crypto_delete_disk_ctx)); 942 if (!ctx) { 943 SPDK_ERRLOG("Failed to allocate delete crypto disk ctx\n"); 944 cb_fn(cb_arg, -ENOMEM); 945 return; 946 } 947 948 ctx->bdev_name = strdup(bdev_name); 949 if (!ctx->bdev_name) { 950 SPDK_ERRLOG("Failed to copy bdev_name\n"); 951 free(ctx); 952 cb_fn(cb_arg, -ENOMEM); 953 return; 954 } 955 ctx->cb_arg = cb_arg; 956 ctx->cb_fn = cb_fn; 957 /* Some cleanup happens in the destruct callback. */ 958 rc = spdk_bdev_unregister_by_name(bdev_name, &crypto_if, delete_crypto_disk_bdev_name, ctx); 959 if (rc != 0) { 960 SPDK_ERRLOG("Encountered an error during bdev unregistration\n"); 961 cb_fn(cb_arg, rc); 962 free(ctx->bdev_name); 963 free(ctx); 964 } 965 } 966 967 /* Because we specified this function in our crypto bdev function table when we 968 * registered our crypto bdev, we'll get this call anytime a new bdev shows up. 969 * Here we need to decide if we care about it and if so what to do. We 970 * parsed the config file at init so we check the new bdev against the list 971 * we built up at that time and if the user configured us to attach to this 972 * bdev, here's where we do it. 973 */ 974 static void 975 vbdev_crypto_examine(struct spdk_bdev *bdev) 976 { 977 vbdev_crypto_claim(spdk_bdev_get_name(bdev)); 978 spdk_bdev_module_examine_done(&crypto_if); 979 } 980 981 SPDK_LOG_REGISTER_COMPONENT(vbdev_crypto) 982