linux/net/ceph
Ilya Dryomov a45f795c65 libceph: introduce ceph_crypt() for in-place en/decryption
Starting with 4.9, kernel stacks may be vmalloced and therefore not
guaranteed to be physically contiguous; the new CONFIG_VMAP_STACK
option is enabled by default on x86.  This makes it invalid to use
on-stack buffers with the crypto scatterlist API, as sg_set_buf()
expects a logical address and won't work with vmalloced addresses.

There isn't a different (e.g. kvec-based) crypto API we could switch
net/ceph/crypto.c to and the current scatterlist.h API isn't getting
updated to accommodate this use case.  Allocating a new header and
padding for each operation is a non-starter, so do the en/decryption
in-place on a single pre-assembled (header + data + padding) heap
buffer.  This is explicitly supported by the crypto API:

    "... the caller may provide the same scatter/gather list for the
     plaintext and cipher text. After the completion of the cipher
     operation, the plaintext data is replaced with the ciphertext data
     in case of an encryption and vice versa for a decryption."

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
2016-12-12 23:09:19 +01:00
crush crush: remove redundant local variable 2016-10-05 23:02:10 +02:00
armor.c libceph: Fix base64-decoding when input ends in newline. 2011-03-15 09:14:02 -07:00
auth_none.c libceph: rename ceph_entity_name_encode() -> ceph_auth_entity_name_encode() 2016-08-24 23:49:15 +02:00
auth_none.h libceph: make authorizer destruction independent of ceph_auth_client 2016-04-25 20:54:13 +02:00
auth_x_protocol.h
auth_x.c libceph: introduce ceph_x_encrypt_offset() 2016-12-12 23:09:19 +01:00
auth_x.h libceph: make authorizer destruction independent of ceph_auth_client 2016-04-25 20:54:13 +02:00
auth.c libceph: ceph_build_auth() doesn't need ceph_auth_build_hello() 2016-10-03 16:13:50 +02:00
buffer.c libceph: nuke ceph_kvfree() 2014-12-17 20:09:50 +03:00
ceph_common.c rbd: add 'client_addr' sysfs rbd device attribute 2016-08-24 23:49:16 +02:00
ceph_fs.c libceph: fix legacy layout decode with pool 0 2016-11-10 20:13:08 +01:00
ceph_hash.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
ceph_strings.c rbd: support for exclusive-lock feature 2016-08-24 23:49:16 +02:00
cls_lock_client.c libceph: support for lock.lock_info 2016-08-24 23:49:15 +02:00
crypto.c libceph: introduce ceph_crypt() for in-place en/decryption 2016-12-12 23:09:19 +01:00
crypto.h libceph: introduce ceph_crypt() for in-place en/decryption 2016-12-12 23:09:19 +01:00
debugfs.c libceph: rados pool namespace support 2016-07-28 02:55:37 +02:00
Kconfig libceph: select CRYPTO_CBC in addition to CRYPTO_AES 2014-10-14 21:03:20 +04:00
Makefile libceph: support for advisory locking on RADOS objects 2016-08-24 23:49:15 +02:00
messenger.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
mon_client.c libceph: support for blacklisting clients 2016-08-24 23:49:15 +02:00
msgpool.c libceph: fix some missing includes 2016-07-28 02:55:35 +02:00
osd_client.c libceph: initialize last_linger_id with a large integer 2016-11-10 20:13:08 +01:00
osdmap.c libceph: rados pool namespace support 2016-07-28 02:55:37 +02:00
pagelist.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
pagevec.c mm: replace get_user_pages_unlocked() write/force parameters with gup_flags 2016-10-18 14:13:37 -07:00
snapshot.c libceph: create source file "net/ceph/snapshot.c" 2013-05-01 21:20:08 -07:00
string_table.c libceph: using kfree_rcu() to simplify the code 2016-08-08 21:41:42 +02:00