From nobody Mon Apr 13 21:02:13 2026 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DAB933C5DA1 for ; Fri, 10 Apr 2026 13:40:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775828442; cv=none; b=kRm5Uu9WPdoLOeaajI/bxmmfGxBbL6+vVEFzwONbRrItFN+ze5qT0Z8unNEVeZHJZOVUG26x4xaejMU5bY1kLPnnecukndC8CN9A0mmgRuW1Rg0h7b5q3EIHZoydrk8ZEL0gHA00gtDnt5Vskymq0X8pkPMl8yK8FBnUiCquk3c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775828442; c=relaxed/simple; bh=BITlx4Kwj5eBbWFc9rslpJa2+01NebOQNTaEdmYUQ24=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=oefoLe6AwVYVgdGGZ03H994V4zNVs7+WNStoxonY6+vBbhwS/hu2KqF8BXVup1ZLfeYCuFqPDxac3taestMvLTwkxmKX6thXHzEEagG9FQ6LtmezsLo+sDaiOnsregRJSu/V7LWz1NPoHAvqC5INi33e1hrQ0wGn2ib6ggy+8yo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=MI9z31Du; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b=RIS2QA3T; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="MI9z31Du"; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b="RIS2QA3T" Received: from pps.filterd (m0279873.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63AA61Ex017381 for ; Fri, 10 Apr 2026 13:40:40 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=qcppdkim1; bh=uShH14l/dWy 0o1Tl9pcZPJ74mlezSCjEKQRN2uJbI/U=; b=MI9z31Du8GgqqxsCNQuO1t9PaAe /fgKqdjai0WTBUGZu/eJCet2S7i7AUL4Si6JgL/sAJqJGLYui+NRYkaQIX4+pIoG HSa/xt1sO6UtvNmy4GbC27EAgydOBCBANQXYzy3TzOEsCcs4dO2NNLhAha+CupgC EWUriLOIMjqw2pIg70Y3kCaZ3mUhx00d/znj+WRKqszUoTYUwsZYneLd8w5nhilS 7IgHdO/SNz3x+ZnoHjDGCg2tLl6EoGcWR3rh436LcytXLIOnnhGcr/B+WczuzlGR iF86DuHJ3Py/RwcJyEQwj7tPf3HSfpqX09Aj3MIsY/YoFm7lucfooXcjvKw== Received: from mail-dy1-f200.google.com (mail-dy1-f200.google.com [74.125.82.200]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4dey5j0mu0-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 13:40:39 +0000 (GMT) Received: by mail-dy1-f200.google.com with SMTP id 5a478bee46e88-2d51aed14bcso4055643eec.1 for ; Fri, 10 Apr 2026 06:40:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1775828439; x=1776433239; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=uShH14l/dWy0o1Tl9pcZPJ74mlezSCjEKQRN2uJbI/U=; b=RIS2QA3T6pgzj0ZjrHteZ8Jo9QQ9Yfv86NhWQmNtqWmhD0YDyuDnpbJX7XqAvAbxbG hrxYgvoVWscETlvTk/7j3OZ6Wos0nTUajFXxlkO7i9TqmrlrE0HZVn4DTr3jALN/bW1S sdH02lKwNXYaCM+WtvfDib8cmenvHLBTRlj0uNtvPXViKtqK0mAm2wGDalRJhNi1YDse tV2orPnsgVhQkv3ZEluj+nxnWEvKaSc3jM464biCkNh4kZitqKr6p0Lk4uEt4SVVmM6F GI/cdggjbw9iVw8nuLQXEBM2/MuCcymsKDGlsYwnDpSVo1JlLDJua68DOKgryFMwMBaR k7FQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775828439; x=1776433239; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=uShH14l/dWy0o1Tl9pcZPJ74mlezSCjEKQRN2uJbI/U=; b=ENhAUEWj7AZ4MfpuaG+qYS78pyuNchYrvIWlev8STOiCMOxiGRRZTRiZks80JZFfsH U8jzbqZyYFoCqSca8Dy5SQtjTRLWoqMflJ4P8OGycnPTqWYRQ6YiCSiJFSOHjBmFzrCd QMvscUHo9qAXkNnhZsWHGQtEPGZMIC7R1jZCdRwP/rVP3B04df1Nzz9g9SSIByaI46g/ epG+4Je0158e8h0ljZfddUGBaTz4LUKS6XnjT6fcsLRJFsag/zYmKGGFYFmDpr7zTGFZ NNN/97F4E56zSpsPMoVqXajWcquggB0frE+O0k7hTdpAnP/LMNNJg6OMXfW5iLJL1tOQ wJag== X-Gm-Message-State: AOJu0Yx0vBRznTE17HBMrsKxIlLpCHk7pQaOj7IHHVPj/AhSYcGT3BPl CEqPreiDlddfljXLtyY92/XEBunmqT211NjC9RnmaWeQT094ONPQz7hpJnqhUdJPX8U5AAAVMC9 o7kjpEJawo8E4G/fWOHjR69sAisdgU057hJMpXA14fwSh8NhjvubxXXL3ypny/Czf++g= X-Gm-Gg: AeBDiesNP+M+ypF90jx4ACi0jC3rD+kl2dgDJ788yJEw7eeHQAAyoPy+FDn58/SyTaM EsDV5FC5uA0PdWcHvLoaUrU9tCE3T8Tt4cnWQrM4haRw+8SXuUoSvFCHysTfK+duKA4XOmOWvqB ohXZdrFSWWPvv5lCfEZelboyCgloDRKM2RYqws2X1kWJAwCp54Fji79XZADcNZ1nrXSCaTJJGd6 C+XzsEGAYVSX6vLsE6sjg9nFwoPVVxsbDzy4YQ73lCH/bxrbkOKoTdgf65x8tq+ug9noFub8lw8 z+/XEo8Xkvdk/cV8S6a5iS/BhBBUBVafHo2ItZQ3bLHzlM7wCH5vCJ57BX5tU+U3j3odtU2r+oz h40weGng0Wxvvv1phWZ7jnd2OYBUZFjHydPrUr2OqftZgp1Kid0ZwsQJGw/OVvoF/gxi6ke5hVG zxSJkW X-Received: by 2002:a05:7301:1f10:b0:2d1:d434:d005 with SMTP id 5a478bee46e88-2d5899a3b93mr2129269eec.20.1775828438765; Fri, 10 Apr 2026 06:40:38 -0700 (PDT) X-Received: by 2002:a05:7301:1f10:b0:2d1:d434:d005 with SMTP id 5a478bee46e88-2d5899a3b93mr2129237eec.20.1775828438212; Fri, 10 Apr 2026 06:40:38 -0700 (PDT) Received: from u20-san1p10573.qualcomm.com (i-global254.qualcomm.com. [199.106.103.254]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2d561bde70csm5172631eec.15.2026.04.10.06.40.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Apr 2026 06:40:37 -0700 (PDT) From: Linlin Zhang To: linux-block@vger.kernel.org, ebiggers@kernel.org, mpatocka@redhat.com, gmazyland@gmail.com Cc: linux-kernel@vger.kernel.org, adrianvovk@gmail.com, dm-devel@lists.linux.dev, quic_mdalam@quicinc.com, israelr@nvidia.com, hch@infradead.org, axboe@kernel.dk Subject: [PATCH v2 1/3] block: export blk-crypto symbols required by dm-inlinecrypt Date: Fri, 10 Apr 2026 06:40:29 -0700 Message-Id: <20260410134031.2880675-2-linlin.zhang@oss.qualcomm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260410134031.2880675-1-linlin.zhang@oss.qualcomm.com> References: <20260410134031.2880675-1-linlin.zhang@oss.qualcomm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Proofpoint-GUID: 4cGcC_qwk5JtL-Oi7GMHJZJp7pVIOjDM X-Authority-Analysis: v=2.4 cv=b9aCJNGx c=1 sm=1 tr=0 ts=69d8fdd7 cx=c_pps a=PfFC4Oe2JQzmKTvty2cRDw==:117 a=JYp8KDb2vCoCEuGobkYCKw==:17 a=A5OVakUREuEA:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=rJkE3RaqiGZ5pbrm-msn:22 a=1XWaLZrsAAAA:8 a=pkKqxYWgxMMasECMkqIA:9 a=6Ab_bkdmUrQuMsNx7PHu:22 X-Proofpoint-ORIG-GUID: 4cGcC_qwk5JtL-Oi7GMHJZJp7pVIOjDM X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDEyNyBTYWx0ZWRfX43gjEXj7gXLK qBfDdAe7S2uUjAvVHWGnHseumGKwYNOt8d1UXNpdyc4eyvG0xDoCCbZ7dhvr0nRiCjusfRJzjrH IBApf7vP1vkluBVbWHhb+eBNsityoorYZPumqsAhQMPHb+z7+ZIXBFOvq6XVRy2qQmXvzLETtmu UGDAufB6Z8NziFRZOZAMRYbMSMMRlrGhmJCZF1XREV50/od+vp3F9MSuohD6ZI4iQdbgft2wKx6 ZY5nN0ZjiW9ll70waVQ1k5ZmeIM7wu5V752ycWrt7//BBNObMMpMsRQXheZN7NuhHfSSvJUUeRa /M+kbX01EM9SPF9ZGVYb+q3l43OtK30xDOHiXXQ2eQ3qA4sweC3AvwnRMRV+F5G2zSrJSfqXFvU 7qoYx9mDB4s7GoZVQEDPtgAyjG9F7WbEkNJsEXRxImUAKv7CUYdz/nw4PI6CaYrT/XLfothQ3G1 Rak4et+1mzDNDwtjc8A== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_04,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 spamscore=0 impostorscore=0 adultscore=0 priorityscore=1501 phishscore=0 lowpriorityscore=0 malwarescore=0 bulkscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100127 Content-Type: text/plain; charset="utf-8" From: Eric Biggers bio_crypt_set_ctx(), blk_crypto_init_key(), and blk_crypto_start_using_key() are needed to use inline encryption; see Documentation/block/inline-encryption.rst. Export them so that dm-inlinecrypt can use them. The only reason these weren't exported before was that inline encryption was previously used only by fs/crypto/ which is built-in code. Signed-off-by: Eric Biggers --- block/blk-crypto.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/block/blk-crypto.c b/block/blk-crypto.c index 856d3c5b1fa0..40a99a859748 100644 --- a/block/blk-crypto.c +++ b/block/blk-crypto.c @@ -116,6 +116,7 @@ void bio_crypt_set_ctx(struct bio *bio, const struct bl= k_crypto_key *key, =20 bio->bi_crypt_context =3D bc; } +EXPORT_SYMBOL_GPL(bio_crypt_set_ctx); =20 void __bio_crypt_free_ctx(struct bio *bio) { @@ -349,6 +350,7 @@ int blk_crypto_init_key(struct blk_crypto_key *blk_key, =20 return 0; } +EXPORT_SYMBOL_GPL(blk_crypto_init_key); =20 bool blk_crypto_config_supported_natively(struct block_device *bdev, const struct blk_crypto_config *cfg) @@ -399,6 +401,7 @@ int blk_crypto_start_using_key(struct block_device *bde= v, } return blk_crypto_fallback_start_using_mode(key->crypto_cfg.crypto_mode); } +EXPORT_SYMBOL_GPL(blk_crypto_start_using_key); =20 /** * blk_crypto_evict_key() - Evict a blk_crypto_key from a block_device --=20 2.34.1 From nobody Mon Apr 13 21:02:13 2026 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 211673A75BD for ; Fri, 10 Apr 2026 13:40:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775828444; cv=none; b=omVJtF91jYmQ5UXkUaoeP+WB9SN97yQ84UwKatHyW2JEaY312+nItFHnSzeMGoyQVj+9m5M44hCxxRKTKlmuHO5hnYiCEe+zcWaLu7rJXfmGVWU7fKD9p/Jn/l7b3LhnOdkeRa1HdEaNwRKDyYaxQcw7dsvPletM5/QAKL+mgt0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775828444; c=relaxed/simple; bh=JrZsRg37dArx4JUgb1G+eiWHKPOgSk3fjsvTzanEWlY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=iisJrQN3XsPAPIMij/6zja0hcxRoASQqbpGygxGAs6GP1CUXUCvluiGhpNr8jZCrPSyUpTWq40BWbRS37VwrsoUQxdDfBgQtl25h73cgUFYAoCySmtOQjJ+d/pIht5zsHo7hwUrRmXG2xHq6PlAc5sOfIDSNskSWXb9Lc546v2U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=myi3gwCH; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b=ccviZFXC; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="myi3gwCH"; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b="ccviZFXC" Received: from pps.filterd (m0279868.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A7tkc53934665 for ; Fri, 10 Apr 2026 13:40:41 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=qcppdkim1; bh=KPlUXv8EyLc n8i2iNpX/Emr42Gml1gSuHDZ1pgLzhdU=; b=myi3gwCHxL/f9AueTB03bNPQsv0 6I4FU3BumYK3e5/GeT3bmwbo+neFzaNtA0qNjvnTOdOFjkGnJlUKANxQEJV4lr65 VHGuNK+xg0l0d/IgKbtdCf1SgQPnwXblJpvizDBsTfxDwhUEqFutj+yLXzPYk2WF EW50xL3m1Z6sKuQtgULb9262RhIq4nFn+zu0S1nU/wHealW9z1dR850ryHG5sxlL yt9/eROWeHpwSYzEqqMLZ8mVzRSUZrFpb/PIsavLQNxHp8mVhie2gZVpJVFLsmB7 YIV6bynhjAArG/eSAiQArlN/9uoJakFDqAGYZtbh3f8v5hs2jKXus961WTw== Received: from mail-dy1-f197.google.com (mail-dy1-f197.google.com [74.125.82.197]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4ded5sc79g-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 13:40:40 +0000 (GMT) Received: by mail-dy1-f197.google.com with SMTP id 5a478bee46e88-2bdc1b30ac8so1083172eec.1 for ; Fri, 10 Apr 2026 06:40:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1775828440; x=1776433240; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KPlUXv8EyLcn8i2iNpX/Emr42Gml1gSuHDZ1pgLzhdU=; b=ccviZFXC8+JEBYEkZERwEep55toKa/z1TrGdeNfKALM5YRofrABuNXL2vQqzal1KgK WuLhp6cLWQgVA8d83dHg9/5Mbhf+ThXWYQ9cj415ZGCraZtZkvgGQoc9CL4MjkwpidIh j7hyci0Q9P3OgoOQKNooqXEpAC0J1fzgSDGTCVeOb1bAcodrPdcTU97oBji46M+Khdun pi5Ra1BH8RL7tIyEuRQBlQcBF+0HxGBI+TM9gUd2zfE9eF4Q07onhua22dL33gHqWWXL iVo1rC3SX4Z3EZmCuG2DM8DbES9Et2Z0053G/4L5MXGYJ+w1nixMW8xxUd4G3t8dOCJy 8O+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775828440; x=1776433240; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=KPlUXv8EyLcn8i2iNpX/Emr42Gml1gSuHDZ1pgLzhdU=; b=rFYk1yGWqAXVWdeerXoTY302mxatq1MHUAR6aQ9OV67EaOZZYOntqWWL9uY4A46tlD VtJTtjzoL8vvvB2jWswUVQAFMy958T+xqRonvz+/uVSoUDxLbG631lb5OVSHoI5zsXsa DPdJhExS+kBTRsvNOtXj7aSn5zmfaRWXS9dpaWI/a5UTVPlLt1dzunSuspI+h5rYXHJd U4GDUVOTCs+EeibDOaCT47g9yE7Amq+TBvz6Be39f3VlZDQTbujf6Oe9FfTJri75vrzF 3MblU/vyb8ijoTaiFaElmp9D7fYOpoTBUu5npwKkL5A+Us+64qR8nigaUwChXjKKhdyG fTQw== X-Gm-Message-State: AOJu0YyLeeJ9dRbkdCrJqXxhRHKbh7oAzZW4/ILoM3CZLG1vtmvPQMrI hW7ijod8sF30iYuxof/62zkDnCGMa/p5ZLUpt4D9i8uB/uUxN17LrrvAmesLuz7DkhFsRrYo52S i/FddcBXgEKZPlF8PCYadU94qEfpfTWR/KbBYvxoZ31VPCN3JSpY0puof/L7fl+sAL4s= X-Gm-Gg: AeBDiesBMyzkKZxCwxb4IU7K6PFBZ0WkXpsQlkm2rnpaWwQ0c04iqr54STlpyboWQw0 XoiqExEHkv0U6xvWmHXq8t0fny7m5O46/66eYB8C4Aimsub3aIlAHuOGaxjhQ6eEliBFWC+lX6q OH9L2ShedrSRRaLmjGR0ikMUJkpX6dy3V5K8qGIWL9JKSyeTMOHY8NL8Rl07WSeMkP5LVfkizJt npqFohUi8nIsJEZg04QLE+MTiF1CIxelYnkvOPzR/n6co7lE/bvuvJloCrO3QzW/CTXjFrtT9P5 eAl+2HKQzqUpKOjNnrHnlqwZ6SnTJYoqEoKMBqLR8Q1plEm+twSuCviwzVOmdRyfvwQw0RMr80I CQvpT/P5lhPqQ6pKqf/D6PPdQWpcnVHPO+ytyIYytwo1RA4evbq8hj1hJi+QqIAX3g3mLZaJK1F OT9Kt3 X-Received: by 2002:a05:7300:8c85:b0:2be:8216:57db with SMTP id 5a478bee46e88-2d5873ad987mr1694202eec.3.1775828439768; Fri, 10 Apr 2026 06:40:39 -0700 (PDT) X-Received: by 2002:a05:7300:8c85:b0:2be:8216:57db with SMTP id 5a478bee46e88-2d5873ad987mr1694163eec.3.1775828439035; Fri, 10 Apr 2026 06:40:39 -0700 (PDT) Received: from u20-san1p10573.qualcomm.com (i-global254.qualcomm.com. [199.106.103.254]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2d561bde70csm5172631eec.15.2026.04.10.06.40.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Apr 2026 06:40:38 -0700 (PDT) From: Linlin Zhang To: linux-block@vger.kernel.org, ebiggers@kernel.org, mpatocka@redhat.com, gmazyland@gmail.com Cc: linux-kernel@vger.kernel.org, adrianvovk@gmail.com, dm-devel@lists.linux.dev, quic_mdalam@quicinc.com, israelr@nvidia.com, hch@infradead.org, axboe@kernel.dk Subject: [PATCH v2 2/3] dm-inlinecrypt: add target for inline block device encryption Date: Fri, 10 Apr 2026 06:40:30 -0700 Message-Id: <20260410134031.2880675-3-linlin.zhang@oss.qualcomm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260410134031.2880675-1-linlin.zhang@oss.qualcomm.com> References: <20260410134031.2880675-1-linlin.zhang@oss.qualcomm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Proofpoint-ORIG-GUID: QGRCXPuHRpIaSC_WnCyUPCv-3x9wHTSv X-Proofpoint-GUID: QGRCXPuHRpIaSC_WnCyUPCv-3x9wHTSv X-Authority-Analysis: v=2.4 cv=Ko59H2WN c=1 sm=1 tr=0 ts=69d8fdd8 cx=c_pps a=Uww141gWH0fZj/3QKPojxA==:117 a=JYp8KDb2vCoCEuGobkYCKw==:17 a=A5OVakUREuEA:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=ZpdpYltYx_vBUK5n70dp:22 a=1XWaLZrsAAAA:8 a=EUspDBNiAAAA:8 a=XpLwOsV47Bz5VTnE-JYA:9 a=PxkB5W3o20Ba91AHUih5:22 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDEyOCBTYWx0ZWRfX1Mb46WUVFCZ8 1vyDFVvqCYjH+3sb+fgoApI+0P4ivbp1HrA4RlKSwkc/aDxqV7RaW8Kgq7SgP+uhQiEMJDQ62Uu PsyXwAQmu/ilKm9VR7LkKn/zXjRoBQa+okZw/k+q0680nxNqbY/rOduLeBmpWw0lL5qaLn24bcK u4rQGa4t9EWcvPpHhnSBqtn/OfJE+tfn+HM8E0EMxSf4y4uJVhyNnA1uq2znshuzMRY6CC77lCl idqHqLNNveiZtas7zPqSxN4OndG50MSY6VE5tM8YuciwioCSAFOKWQ3DKsAk64gQJAGfmHw0BIh HUhVoD78PhLt7cHrsqn7tZ4XE/OaXy9pFXs4fGKEDvnZyMwBWGVqjeTljb/70MhYHAul+Awnl5V 8vgDZLD2Y3gipR+usTrUc5Ro8qqoW1Kz7DKNFI9xVjmKbDBV6rppSYKiMh1pBIDztqgTsspWEWA 7ohAdZ+1oHNsqPobbGw== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_04,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 lowpriorityscore=0 clxscore=1015 priorityscore=1501 phishscore=0 bulkscore=0 spamscore=0 suspectscore=0 impostorscore=0 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100128 Content-Type: text/plain; charset="utf-8" From: Eric Biggers Add a new device-mapper target "dm-inlinecrypt" that is similar to dm-crypt but uses the blk-crypto API instead of the regular crypto API. This allows it to take advantage of inline encryption hardware such as that commonly built into UFS host controllers. The table syntax matches dm-crypt's, but for now only a stripped-down set of parameters is supported. For example, for now AES-256-XTS is the only supported cipher. dm-inlinecrypt is based on Android's dm-default-key with the controversial passthrough support removed. Note that due to the removal of passthrough support, use of dm-inlinecrypt in combination with fscrypt causes double encryption of file contents (similar to dm-crypt + fscrypt), with the fscrypt layer not being able to use the inline encryption hardware. This makes dm-inlinecrypt unusable on systems such as Android that use fscrypt and where a more optimized approach is needed. It is however suitable as a replacement for dm-crypt. dm-inlinecrypt supports both keyring key and hex key, the former avoids the key to be exposed in dm-table message. Similar to dm-default-key in Android, it will fallabck to the software block crypto once the inline crypto hardware cannot support the expected cipher. Test: dmsetup create inlinecrypt_logon --table "0 `blockdev --getsz $1` \ inlinecrypt aes-xts-plain64 :64:logon:fde:dminlinecrypt_test_key 0 $1 0" Signed-off-by: Eric Biggers Signed-off-by: Linlin Zhang --- drivers/md/Kconfig | 10 + drivers/md/Makefile | 1 + drivers/md/dm-inlinecrypt.c | 559 ++++++++++++++++++++++++++++++++++++ 3 files changed, 570 insertions(+) create mode 100644 drivers/md/dm-inlinecrypt.c diff --git a/drivers/md/Kconfig b/drivers/md/Kconfig index c58a9a8ea54e..aa541cc22ecc 100644 --- a/drivers/md/Kconfig +++ b/drivers/md/Kconfig @@ -313,6 +313,16 @@ config DM_CRYPT =20 If unsure, say N. =20 +config DM_INLINECRYPT + tristate "Inline encryption target support" + depends on BLK_DEV_DM + depends on BLK_INLINE_ENCRYPTION + help + This device-mapper target is similar to dm-crypt, but it uses the + blk-crypto API instead of the regular crypto API. This allows it to + take advantage of inline encryption hardware such as that commonly + built into UFS host controllers. + config DM_SNAPSHOT tristate "Snapshot target" depends on BLK_DEV_DM diff --git a/drivers/md/Makefile b/drivers/md/Makefile index c338cc6fbe2e..517d1f7d8288 100644 --- a/drivers/md/Makefile +++ b/drivers/md/Makefile @@ -55,6 +55,7 @@ obj-$(CONFIG_DM_UNSTRIPED) +=3D dm-unstripe.o obj-$(CONFIG_DM_BUFIO) +=3D dm-bufio.o obj-$(CONFIG_DM_BIO_PRISON) +=3D dm-bio-prison.o obj-$(CONFIG_DM_CRYPT) +=3D dm-crypt.o +obj-$(CONFIG_DM_INLINECRYPT) +=3D dm-inlinecrypt.o obj-$(CONFIG_DM_DELAY) +=3D dm-delay.o obj-$(CONFIG_DM_DUST) +=3D dm-dust.o obj-$(CONFIG_DM_FLAKEY) +=3D dm-flakey.o diff --git a/drivers/md/dm-inlinecrypt.c b/drivers/md/dm-inlinecrypt.c new file mode 100644 index 000000000000..b6e98fdf8af1 --- /dev/null +++ b/drivers/md/dm-inlinecrypt.c @@ -0,0 +1,559 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright 2024 Google LLC + */ + +#include +#include +#include +#include +#include +#include + +#define DM_MSG_PREFIX "inlinecrypt" + +static const struct dm_inlinecrypt_cipher { + const char *name; + enum blk_crypto_mode_num mode_num; +} dm_inlinecrypt_ciphers[] =3D { + { + .name =3D "aes-xts-plain64", + .mode_num =3D BLK_ENCRYPTION_MODE_AES_256_XTS, + }, +}; + +/** + * struct inlinecrypt_ctx - private data of an inlinecrypt target + * @dev: the underlying device + * @start: starting sector of the range of @dev which this target actually= maps. + * For this purpose a "sector" is 512 bytes. + * @cipher_string: the name of the encryption algorithm being used + * @iv_offset: starting offset for IVs. IVs are generated as if the targe= t were + * preceded by @iv_offset 512-byte sectors. + * @sector_size: crypto sector size in bytes (usually 4096) + * @sector_bits: log2(sector_size) + * @key: the encryption key to use + * @max_dun: the maximum DUN that may be used (computed from other params) + */ +struct inlinecrypt_ctx { + struct dm_dev *dev; + sector_t start; + const char *cipher_string; + unsigned int key_size; + u64 iv_offset; + unsigned int sector_size; + unsigned int sector_bits; + struct blk_crypto_key key; + u64 max_dun; +}; + +static const struct dm_inlinecrypt_cipher * +lookup_cipher(const char *cipher_string) +{ + int i; + + for (i =3D 0; i < ARRAY_SIZE(dm_inlinecrypt_ciphers); i++) { + if (strcmp(cipher_string, dm_inlinecrypt_ciphers[i].name) =3D=3D 0) + return &dm_inlinecrypt_ciphers[i]; + } + return NULL; +} + +static void inlinecrypt_dtr(struct dm_target *ti) +{ + struct inlinecrypt_ctx *ctx =3D ti->private; + + if (ctx->dev) { + if (ctx->key.size) + blk_crypto_evict_key(ctx->dev->bdev, &ctx->key); + dm_put_device(ti, ctx->dev); + } + kfree_sensitive(ctx->cipher_string); + kfree_sensitive(ctx); +} + +static bool contains_whitespace(const char *str) +{ + while (*str) + if (isspace(*str++)) + return true; + return false; +} + +static int set_key_user(struct key *key, char *bin_key, + const unsigned int bin_key_size) +{ + const struct user_key_payload *ukp; + + ukp =3D user_key_payload_locked(key); + if (!ukp) + return -EKEYREVOKED; + + if (bin_key_size !=3D ukp->datalen) + return -EINVAL; + + memcpy(bin_key, ukp->data, bin_key_size); + + return 0; +} + +static int inlinecrypt_get_keyring_key(const char *key_string, u8 *bin_key, + const unsigned int bin_key_size) +{ + char *key_desc; + int ret; + struct key_type *type; + struct key *key; + int (*set_key)(struct key *key, char *bin_key, + const unsigned int bin_key_size); + + /* + * Reject key_string with whitespace. dm core currently lacks code for + * proper whitespace escaping in arguments on DM_TABLE_STATUS path. + */ + if (contains_whitespace(key_string)) { + DMERR("whitespace chars not allowed in key string"); + return -EINVAL; + } + + /* look for next ':' separating key_type from key_description */ + key_desc =3D strchr(key_string, ':'); + if (!key_desc || key_desc =3D=3D key_string || !strlen(key_desc + 1)) + return -EINVAL; + + if (!strncmp(key_string, "logon:", key_desc - key_string + 1)) { + type =3D &key_type_logon; + set_key =3D set_key_user; + } else { + return -EINVAL; + } + + key =3D request_key(type, key_desc + 1, NULL); + if (IS_ERR(key)) + return PTR_ERR(key); + + down_read(&key->sem); + + ret =3D set_key(key, (char *)bin_key, bin_key_size); + if (ret < 0) { + up_read(&key->sem); + key_put(key); + return ret; + } + + up_read(&key->sem); + key_put(key); + + return ret; +} + +static int inlinecrypt_get_key(const char *key_string, + u8 key[BLK_CRYPTO_MAX_ANY_KEY_SIZE], + const unsigned int key_size) +{ + int ret =3D 0; + + /* ':' means the key is in kernel keyring, short-circuit normal key proce= ssing */ + if (key_string[0] =3D=3D ':') { + if (key_size > BLK_CRYPTO_MAX_ANY_KEY_SIZE) { + DMERR("Invalid keysize"); + return -EINVAL; + } + /* key string should be :: */ + ret =3D inlinecrypt_get_keyring_key(key_string + 1, key, key_size); + goto out; + } + + if (key_size > 2 * BLK_CRYPTO_MAX_ANY_KEY_SIZE + || key_size % 2 + || !key_size) { + DMERR("Invalid keysize"); + return -EINVAL; + } + if (hex2bin(key, key_string, key_size) !=3D 0) + ret =3D -EINVAL; + +out: + return ret; +} + +static int get_key_size(char **key_string) +{ + char *colon, dummy; + int ret; + + if (*key_string[0] !=3D ':') + return strlen(*key_string) >> 1; + + /* look for next ':' in key string */ + colon =3D strpbrk(*key_string + 1, ":"); + if (!colon) + return -EINVAL; + + if (sscanf(*key_string + 1, "%u%c", &ret, &dummy) !=3D 2 || dummy !=3D ':= ') + return -EINVAL; + + /* remaining key string should be :: */ + *key_string =3D colon; + + return ret; +} + +static int inlinecrypt_ctr_optional(struct dm_target *ti, + unsigned int argc, char **argv) +{ + struct inlinecrypt_ctx *ctx =3D ti->private; + struct dm_arg_set as; + static const struct dm_arg _args[] =3D { + {0, 3, "Invalid number of feature args"}, + }; + unsigned int opt_params; + const char *opt_string; + bool iv_large_sectors =3D false; + char dummy; + int err; + + as.argc =3D argc; + as.argv =3D argv; + + err =3D dm_read_arg_group(_args, &as, &opt_params, &ti->error); + if (err) + return err; + + while (opt_params--) { + opt_string =3D dm_shift_arg(&as); + if (!opt_string) { + ti->error =3D "Not enough feature arguments"; + return -EINVAL; + } + if (!strcmp(opt_string, "allow_discards")) { + ti->num_discard_bios =3D 1; + } else if (sscanf(opt_string, "sector_size:%u%c", + &ctx->sector_size, &dummy) =3D=3D 1) { + if (ctx->sector_size < SECTOR_SIZE || + ctx->sector_size > 4096 || + !is_power_of_2(ctx->sector_size)) { + ti->error =3D "Invalid sector_size"; + return -EINVAL; + } + } else if (!strcmp(opt_string, "iv_large_sectors")) { + iv_large_sectors =3D true; + } else { + ti->error =3D "Invalid feature arguments"; + return -EINVAL; + } + } + + /* dm-inlinecrypt doesn't implement iv_large_sectors=3Dfalse. */ + if (ctx->sector_size !=3D SECTOR_SIZE && !iv_large_sectors) { + ti->error =3D "iv_large_sectors must be specified"; + return -EINVAL; + } + + return 0; +} + +/* + * Construct an inlinecrypt mapping: + * [|:::] + * + * This syntax matches dm-crypt's, but the set of supported functionality = has + * been stripped down. + */ +static int inlinecrypt_ctr(struct dm_target *ti, unsigned int argc, char *= *argv) +{ + struct inlinecrypt_ctx *ctx; + const struct dm_inlinecrypt_cipher *cipher; + u8 raw_key[BLK_CRYPTO_MAX_ANY_KEY_SIZE]; + unsigned int dun_bytes; + unsigned long long tmpll; + char dummy; + int err; + + if (argc < 5) { + ti->error =3D "Not enough arguments"; + return -EINVAL; + } + + ctx =3D kzalloc(sizeof(*ctx), GFP_KERNEL); + if (!ctx) { + ti->error =3D "Out of memory"; + return -ENOMEM; + } + ti->private =3D ctx; + + /* */ + ctx->cipher_string =3D kstrdup(argv[0], GFP_KERNEL); + if (!ctx->cipher_string) { + ti->error =3D "Out of memory"; + err =3D -ENOMEM; + goto bad; + } + cipher =3D lookup_cipher(ctx->cipher_string); + if (!cipher) { + ti->error =3D "Unsupported cipher"; + err =3D -EINVAL; + goto bad; + } + + /* */ + ctx->key_size =3D get_key_size(&argv[1]); + if (ctx->key_size < 0) { + ti->error =3D "Cannot parse key size"; + return -EINVAL; + } + err =3D inlinecrypt_get_key(argv[1], raw_key, ctx->key_size); + if (err) { + ti->error =3D "Malformed key string"; + goto bad; + } + + /* */ + if (sscanf(argv[2], "%llu%c", &ctx->iv_offset, &dummy) !=3D 1) { + ti->error =3D "Invalid iv_offset sector"; + err =3D -EINVAL; + goto bad; + } + + /* */ + err =3D dm_get_device(ti, argv[3], dm_table_get_mode(ti->table), + &ctx->dev); + if (err) { + ti->error =3D "Device lookup failed"; + goto bad; + } + + /* */ + if (sscanf(argv[4], "%llu%c", &tmpll, &dummy) !=3D 1 || + tmpll !=3D (sector_t)tmpll) { + ti->error =3D "Invalid start sector"; + err =3D -EINVAL; + goto bad; + } + ctx->start =3D tmpll; + + /* optional arguments */ + ctx->sector_size =3D SECTOR_SIZE; + if (argc > 5) { + err =3D inlinecrypt_ctr_optional(ti, argc - 5, &argv[5]); + if (err) + goto bad; + } + ctx->sector_bits =3D ilog2(ctx->sector_size); + if (ti->len & ((ctx->sector_size >> SECTOR_SHIFT) - 1)) { + ti->error =3D "Device size is not a multiple of sector_size"; + err =3D -EINVAL; + goto bad; + } + + ctx->max_dun =3D (ctx->iv_offset + ti->len - 1) >> + (ctx->sector_bits - SECTOR_SHIFT); + dun_bytes =3D DIV_ROUND_UP(fls64(ctx->max_dun), 8); + + err =3D blk_crypto_init_key(&ctx->key, raw_key, ctx->key_size, + BLK_CRYPTO_KEY_TYPE_RAW, + cipher->mode_num, dun_bytes, + ctx->sector_size); + if (err) { + ti->error =3D "Error initializing blk-crypto key"; + goto bad; + } + + err =3D blk_crypto_start_using_key(ctx->dev->bdev, &ctx->key); + if (err) { + ti->error =3D "Error starting to use blk-crypto"; + goto bad; + } + + ti->num_flush_bios =3D 1; + + err =3D 0; + goto out; + +bad: + inlinecrypt_dtr(ti); +out: + memzero_explicit(raw_key, sizeof(raw_key)); + return err; +} + +static int inlinecrypt_map(struct dm_target *ti, struct bio *bio) +{ + const struct inlinecrypt_ctx *ctx =3D ti->private; + sector_t sector_in_target; + u64 dun[BLK_CRYPTO_DUN_ARRAY_SIZE] =3D {}; + + bio_set_dev(bio, ctx->dev->bdev); + + /* + * If the bio is a device-level request which doesn't target a specific + * sector, there's nothing more to do. + */ + if (bio_sectors(bio) =3D=3D 0) + return DM_MAPIO_REMAPPED; + + /* + * The bio should never have an encryption context already, since + * dm-inlinecrypt doesn't pass through any inline encryption + * capabilities to the layer above it. + */ + if (WARN_ON_ONCE(bio_has_crypt_ctx(bio))) + return DM_MAPIO_KILL; + + /* Map the bio's sector to the underlying device. (512-byte sectors) */ + sector_in_target =3D dm_target_offset(ti, bio->bi_iter.bi_sector); + bio->bi_iter.bi_sector =3D ctx->start + sector_in_target; + /* + * If the bio doesn't have any data (e.g. if it's a DISCARD request), + * there's nothing more to do. + */ + if (!bio_has_data(bio)) + return DM_MAPIO_REMAPPED; + + /* Calculate the DUN and enforce data-unit (crypto sector) alignment. */ + dun[0] =3D ctx->iv_offset + sector_in_target; /* 512-byte sectors */ + if (dun[0] & ((ctx->sector_size >> SECTOR_SHIFT) - 1)) + return DM_MAPIO_KILL; + dun[0] >>=3D ctx->sector_bits - SECTOR_SHIFT; /* crypto sectors */ + + /* + * This check isn't necessary as we should have calculated max_dun + * correctly, but be safe. + */ + if (WARN_ON_ONCE(dun[0] > ctx->max_dun)) + return DM_MAPIO_KILL; + + bio_crypt_set_ctx(bio, &ctx->key, dun, GFP_NOIO); + + /* + * Since we've added an encryption context to the bio and + * blk-crypto-fallback may be needed to process it, it's necessary to + * use the fallback-aware bio submission code rather than + * unconditionally returning DM_MAPIO_REMAPPED. + * + * To get the correct accounting for a dm target in the case where + * __blk_crypto_submit_bio() doesn't take ownership of the bio (returns + * true), call __blk_crypto_submit_bio() directly and return + * DM_MAPIO_REMAPPED in that case, rather than relying on + * blk_crypto_submit_bio() which calls submit_bio() in that case. + */ + if (__blk_crypto_submit_bio(bio)) + return DM_MAPIO_REMAPPED; + return DM_MAPIO_SUBMITTED; +} + +static void inlinecrypt_status(struct dm_target *ti, status_type_t type, + unsigned int status_flags, char *result, + unsigned int maxlen) +{ + const struct inlinecrypt_ctx *ctx =3D ti->private; + unsigned int sz =3D 0; + int num_feature_args =3D 0; + + switch (type) { + case STATUSTYPE_INFO: + case STATUSTYPE_IMA: + result[0] =3D '\0'; + break; + + case STATUSTYPE_TABLE: + /* + * Warning: like dm-crypt, dm-inlinecrypt includes the key in + * the returned table. Userspace is responsible for redacting + * the key when needed. + */ + DMEMIT("%s %*phN %llu %s %llu", ctx->cipher_string, + ctx->key.size, ctx->key.bytes, ctx->iv_offset, + ctx->dev->name, ctx->start); + num_feature_args +=3D !!ti->num_discard_bios; + if (ctx->sector_size !=3D SECTOR_SIZE) + num_feature_args +=3D 2; + if (num_feature_args !=3D 0) { + DMEMIT(" %d", num_feature_args); + if (ti->num_discard_bios) + DMEMIT(" allow_discards"); + if (ctx->sector_size !=3D SECTOR_SIZE) { + DMEMIT(" sector_size:%u", ctx->sector_size); + DMEMIT(" iv_large_sectors"); + } + } + break; + } +} + +static int inlinecrypt_prepare_ioctl(struct dm_target *ti, + struct block_device **bdev, unsigned int cmd, + unsigned long arg, bool *forward) +{ + const struct inlinecrypt_ctx *ctx =3D ti->private; + const struct dm_dev *dev =3D ctx->dev; + + *bdev =3D dev->bdev; + + /* Only pass ioctls through if the device sizes match exactly. */ + return ctx->start !=3D 0 || ti->len !=3D bdev_nr_sectors(dev->bdev); +} + +static int inlinecrypt_iterate_devices(struct dm_target *ti, + iterate_devices_callout_fn fn, + void *data) +{ + const struct inlinecrypt_ctx *ctx =3D ti->private; + + return fn(ti, ctx->dev, ctx->start, ti->len, data); +} + +#ifdef CONFIG_BLK_DEV_ZONED +static int inlinecrypt_report_zones(struct dm_target *ti, + struct dm_report_zones_args *args, + unsigned int nr_zones) +{ + const struct inlinecrypt_ctx *ctx =3D ti->private; + + return dm_report_zones(ctx->dev->bdev, ctx->start, + ctx->start + dm_target_offset(ti, args->next_sector), + args, nr_zones); +} +#else +#define inlinecrypt_report_zones NULL +#endif + +static void inlinecrypt_io_hints(struct dm_target *ti, + struct queue_limits *limits) +{ + const struct inlinecrypt_ctx *ctx =3D ti->private; + const unsigned int sector_size =3D ctx->sector_size; + + limits->logical_block_size =3D + max_t(unsigned int, limits->logical_block_size, sector_size); + limits->physical_block_size =3D + max_t(unsigned int, limits->physical_block_size, sector_size); + limits->io_min =3D max_t(unsigned int, limits->io_min, sector_size); + limits->dma_alignment =3D limits->logical_block_size - 1; +} + +static struct target_type inlinecrypt_target =3D { + .name =3D "inlinecrypt", + .version =3D {1, 0, 0}, + /* + * Do not set DM_TARGET_PASSES_CRYPTO, since dm-inlinecrypt consumes the + * crypto capability itself. + */ + .features =3D DM_TARGET_ZONED_HM, + .module =3D THIS_MODULE, + .ctr =3D inlinecrypt_ctr, + .dtr =3D inlinecrypt_dtr, + .map =3D inlinecrypt_map, + .status =3D inlinecrypt_status, + .prepare_ioctl =3D inlinecrypt_prepare_ioctl, + .iterate_devices =3D inlinecrypt_iterate_devices, + .report_zones =3D inlinecrypt_report_zones, + .io_hints =3D inlinecrypt_io_hints, +}; + +module_dm(inlinecrypt); + +MODULE_AUTHOR("Eric Biggers "); +MODULE_AUTHOR("Linlin Zhang "); +MODULE_DESCRIPTION(DM_NAME " target for inline encryption"); +MODULE_LICENSE("GPL"); --=20 2.34.1 From nobody Mon Apr 13 21:02:13 2026 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3305E3C5DCD for ; Fri, 10 Apr 2026 13:40:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775828445; cv=none; b=olLg44IygKbw5nNXojUIxqtCwUyLcfS1vVVDSH0QWRXgpqH4qUZO9WG5xspKd8C0feybaygaXHopV+hQsoYnz6ZpJjAM27fgQaiouby08Lp1TlndvM5U5LAJBpJFNAWJRCBbOQ+Q1FZb+OhsUwJCaMEEfLzgpF7D6FBPpuJi2n8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775828445; c=relaxed/simple; bh=ZzD48c6YNqTNTxvog2KhjcUYavGruY/dRo31R1J745I=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Co2GZ4JWZy2blNjmnHsx05zsDeOqXDoZAzZ0gh84Sqy4zutpu9/Rb0K6rWpx176R8FPwd8xos+bkA2u24XA/ABszjaYvJDlAXCl9ttjJshAfQjedKL3iv5ETLIVPRnnVwAUTOcJJHQRwSPcMgAub6OBRJuiGj+8an4S6D9xP2Rg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=GISwSpW9; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b=G/yC+bFh; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="GISwSpW9"; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b="G/yC+bFh" Received: from pps.filterd (m0279869.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A92wVc115045 for ; Fri, 10 Apr 2026 13:40:42 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=qcppdkim1; bh=4/G7uDRt/NN 5uhqO8B7jr/VAfO0+XnKeOAa+4ruW6IA=; b=GISwSpW9PL/WB+EIKDmDd5ONuKn Oz2E254irHMF71/LzvvEz3+ZhGBZmNcSUC0ywboTcfQC1yQGkCB0BcZp1M80OlQz K+W4ds/tueKzDQbPt4Y5GY7EXFythgbht49+MLaucVo2CuLPVrn5IL0rqV4l3osa 2G/h1BRtKFuLSx79Ifwr1BaQ/pkuTi8hMVgiY8YwAPnRv+ZWzQ+pRgGt1Kquz4f8 jKWqZA9n8l+j6ie8egkI6R5fet9eLFmaYs4/fPSwjt/aXl+7yVRfh4KKL8nzd9X5 Qd2fHES4XslHPKNs/EiYlxMZb4tfRiEDM6VoAdJCI2/zMMHzyZxS9CoWhTw== Received: from mail-dl1-f70.google.com (mail-dl1-f70.google.com [74.125.82.70]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4dee8xc1q5-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 13:40:41 +0000 (GMT) Received: by mail-dl1-f70.google.com with SMTP id a92af1059eb24-12bf9974587so1027947c88.0 for ; Fri, 10 Apr 2026 06:40:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1775828441; x=1776433241; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4/G7uDRt/NN5uhqO8B7jr/VAfO0+XnKeOAa+4ruW6IA=; b=G/yC+bFhpy2alp4Kz1DU/eWAhCK+Ff/NX8ksFMSz9yz7UOYN3jYCdJT9tqlmtNoZTC wD5chhp64+KLvA7u4bHh1pqQWDJIemSw3wHp1sBX3RPNNs/wMDsn/wsUt/RFxuHLrua3 6Qsbd7O4ciflOqc35dIRoSUWb55JE6tv1c0N8imZVRG78ZtZf0m2DrGTroLOCzyNPB69 pHuCZ4CQVKH0pXGd7+8wGK9ZtBNF8YkwISOhiWa/1UZ4uu9+XzSDrAwRdDPf9Q+YI6FU H51HBI7Rq1JWQyrcX7c1EKr7NRtZ740miIrzTWwCif93dQHrjMjJ2H/zuD+ys9Z91jDp eq5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775828441; x=1776433241; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=4/G7uDRt/NN5uhqO8B7jr/VAfO0+XnKeOAa+4ruW6IA=; b=DNjKfx74QUauMbzG4wWm3Q8my7Zl0XDeN8yRcUlsBSNHsT5LZf0fj1tr6I4BEzLF0Q rwFaTQ4RBw5pJC+Q190VoyAquUwaNQ6kIXq3bcoFSUz5bxEreG1gQDJSET9oJjTlzHhR Uq76Fa5tgD6/dg9iEvTaEVZusgtPd6R7T1TdgExDvNPCQCcmNDaLzpvPuhTLOuyq8p6o rTk8HyBbKgOoqDzdjaK1/GI+AZ4q4rMTqGm782ZHkRYtLluaao9Xow3lJd/GEmw0sdms ysv2EzpqjyKDR/yqYwtgIKQptVsDXpBFmAFZT1teIKYpmQxPAKJqE3+J0uwcfMNsRfbv K0Zg== X-Gm-Message-State: AOJu0YwUKLINISnxkrwqYVS9Uzm3eYB9YAvyBjgetl7JekN27Pz5PMOu btRbwmQ4TwGPKqsByiHXaCTc3f1xooHci5T4yuRxNBgWWCo+ffVoCo+C1gPjbAnncc+DMsmGfG4 9oe9aA0umoCyP7mviZJXrHKIIkhPI5k8Il+qznfJAOcrTeRRRnuJYli4q7983wT4OXJk= X-Gm-Gg: AeBDiesXUcxiXlLT9kfTv/tEsxORAuPkPYvXW8POycUY4eiG+j+gek0lJzJdMdRSCUT 6n+xBqcvGvbkRDny2hfMYN4O3a2BM7kANkqlQDFfnHhTTfDk+VT4lXdwwShYeWUpe/n2M2UMEtG /15w3KSVB2H4Rn5VJNZ6Cr5JeYEfJGXiMtsuSaQTygRsxt4a6Brck7EN+xlPrScRfodCdmZZ5zW 0x9KwK0ULxv8jhYS4HouP8emNmiARV6nTWlITsNvwfVFmWmFckpDTtVXatuZ76yJIwGnSnf89Ei pEfXMsecfT7qTp3iacJV+j/qhqjXY7eOWrkAPo/W3YDgi3DJZFfZ3GzkW0XpFymDA8RcOJ5GFLJ bdQS8SugzTgUtHwpE/1BExoVmmHtv5czOI9X6TrPT12Zgs3tRoRJWuaxpSEH0e/4fr5QkFthxCK smHkEO X-Received: by 2002:a05:7022:790:b0:11b:b179:6e17 with SMTP id a92af1059eb24-12c34f07ce4mr1827744c88.34.1775828440751; Fri, 10 Apr 2026 06:40:40 -0700 (PDT) X-Received: by 2002:a05:7022:790:b0:11b:b179:6e17 with SMTP id a92af1059eb24-12c34f07ce4mr1827703c88.34.1775828439906; Fri, 10 Apr 2026 06:40:39 -0700 (PDT) Received: from u20-san1p10573.qualcomm.com (i-global254.qualcomm.com. [199.106.103.254]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2d561bde70csm5172631eec.15.2026.04.10.06.40.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Apr 2026 06:40:39 -0700 (PDT) From: Linlin Zhang To: linux-block@vger.kernel.org, ebiggers@kernel.org, mpatocka@redhat.com, gmazyland@gmail.com Cc: linux-kernel@vger.kernel.org, adrianvovk@gmail.com, dm-devel@lists.linux.dev, quic_mdalam@quicinc.com, israelr@nvidia.com, hch@infradead.org, axboe@kernel.dk Subject: [PATCH v2 3/3] dm: add documentation for dm-inlinecrypt target Date: Fri, 10 Apr 2026 06:40:31 -0700 Message-Id: <20260410134031.2880675-4-linlin.zhang@oss.qualcomm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260410134031.2880675-1-linlin.zhang@oss.qualcomm.com> References: <20260410134031.2880675-1-linlin.zhang@oss.qualcomm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDEyOCBTYWx0ZWRfX2kBsckzlNclg p/0BaYDbciOUmew8yVe194a8q2+nDI9zfOl2yGsHEFXUCJil+qDTCWHpibDmqBkjnY7IAB4O7pf Fh+r/BJm/uzuXa7wWCbrcpLjJ4kQJLEBDQsLXINfdw2deESobKwQ/tqtwn4tBYNUXS2h/7wme1l cyuwI7qVIVPzVvmnNM6MM14QoDMrNd2Bhbl/RC9dpC6QkZfPaj0b7oqQrpqxIMGbvabWzV6gOSg w3NHw2beYwgVRK/YLy8UGNtLEtBYZO4a91NuY566QzxTF6s+B7luK168IsS6YyZ4Dpb8YEs5lSu Bx6k/vF7IZwTa6PZgjxpQuPWGH7NSf1JmomR8CdIaQHBWlGFROo7LOnDH+m5+BPDkMpU39RIrrF 3CksZUV0t/btDkik5nAA1u7ZUKBdz/p21XpoXUtXByMgVFrk8qrjAC/O4aHweKLyCrd5KPqlj0P n1gUDztAS0klnK2RJ1w== X-Proofpoint-GUID: Rb8Xs9oCqHqQewn-oYAiAPuul4m5yAf2 X-Proofpoint-ORIG-GUID: Rb8Xs9oCqHqQewn-oYAiAPuul4m5yAf2 X-Authority-Analysis: v=2.4 cv=O7YJeh9W c=1 sm=1 tr=0 ts=69d8fdd9 cx=c_pps a=SvEPeNj+VMjHSW//kvnxuw==:117 a=JYp8KDb2vCoCEuGobkYCKw==:17 a=A5OVakUREuEA:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=_glEPmIy2e8OvE2BGh3C:22 a=VwQbUJbxAAAA:8 a=p0WdMEafAAAA:8 a=EUspDBNiAAAA:8 a=r5tAstHzX-DRmjCks68A:9 a=Kq8ClHjjuc5pcCNDwlU0:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_04,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 spamscore=0 phishscore=0 priorityscore=1501 adultscore=0 impostorscore=0 malwarescore=0 suspectscore=0 lowpriorityscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100128 Content-Type: text/plain; charset="utf-8" This adds the admin-guide documentation for dm-inlinecrypt. dm-inlinecrypt.rst is the guide to using dm-inlinecrypt. Signed-off-by: Linlin Zhang --- .../device-mapper/dm-inlinecrypt.rst | 122 ++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100644 Documentation/admin-guide/device-mapper/dm-inlinecrypt.= rst diff --git a/Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst b/D= ocumentation/admin-guide/device-mapper/dm-inlinecrypt.rst new file mode 100644 index 000000000000..c302ba73fc38 --- /dev/null +++ b/Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst @@ -0,0 +1,122 @@ +=3D=3D=3D=3D=3D=3D=3D=3D +dm-inlinecrypt +=3D=3D=3D=3D=3D=3D=3D=3D + +Device-Mapper's "inlinecrypt" target provides transparent encryption of bl= ock devices +using the inline encryption hardware. + +For a more detailed description of inline encryption, see: +https://docs.kernel.org/block/inline-encryption.html + +Parameters:: + + \ + [<#opt_params> ] + + + Encryption cipher type. + + The cipher specifications format is:: + + cipher + + Examples:: + + aes-xts-plain64 + + The cipher type is correspond one-to-one with encryption modes. For + instance, the corresponding crypto mode of aes-xts-plain64 is + BLK_ENCRYPTION_MODE_AES_256_XTS. + + + Key used for encryption. It is encoded either as a hexadecimal number + or it can be passed as prefixed with single colon + character (':') for keys residing in kernel keyring service. + You can only use key sizes that are valid for the selected cipher. + Note that the size in bytes of a valid key must be in bellow range. + + [BLK_CRYPTO_KEY_TYPE_RAW, BLK_CRYPTO_KEY_TYPE_HW_WRAPPED] + + + The kernel keyring key is identified by string in following format: + ::. + + + The encryption key size in bytes. The kernel key payload size must mat= ch + the value passed in . + + + Either 'logon', or 'trusted' kernel key type. + + + The kernel keyring key description inlinecrypt target should look for + when loading key of . + + + The IV offset is a sector count that is added to the sector number + before creating the IV. + + + This is the device that is going to be used as backend and contains the + encrypted data. You can specify it as a path like /dev/xxx or a device + number :. + + + Starting sector within the device where the encrypted data begins. + +<#opt_params> + Number of optional parameters. If there are no optional parameters, + the optional parameters section can be skipped or #opt_params can be z= ero. + Otherwise #opt_params is the number of following arguments. + + Example of optional parameters section: + allow_discards sector_size:4096 iv_large_sectors + +allow_discards + Block discard requests (a.k.a. TRIM) are passed through the inlinecrypt + device. The default is to ignore discard requests. + + WARNING: Assess the specific security risks carefully before enabling = this + option. For example, allowing discards on encrypted devices may lead = to + the leak of information about the ciphertext device (filesystem type, + used space etc.) if the discarded blocks can be located easily on the + device later. + +sector_size: + Use as the encryption unit instead of 512 bytes sectors. + This option can be in range 512 - 4096 bytes and must be power of two. + Virtual device will announce this size as a minimal IO and logical sec= tor. + +iv_large_sectors + IV generators will use sector number counted in units + instead of default 512 bytes sectors. + + For example, if is 4096 bytes, plain64 IV for the second + sector will be 8 (without flag) and 1 if iv_large_sectors is present. + The must be multiple of (in 512 bytes units) + if this flag is specified. + +Example scripts +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +LUKS (Linux Unified Key Setup) is now the preferred way to set up disk +encryption with dm-inlinecrypt using the 'cryptsetup' utility, see +https://gitlab.com/cryptsetup/cryptsetup + +:: + + #!/bin/sh + # Create a inlinecrypt device using dmsetup + dmsetup create inlinecrypt1 --table "0 `blockdev --getsz $1` inlinecrypt = aes-xts-plain64 babebabebabebabebabebabebabebabebabebabebabebabebabebabebab= ebabe 0 $1 0" + +:: + + #!/bin/sh + # Create a inlinecrypt device using dmsetup when encryption key is stored= in keyring service + dmsetup create inlinecrypt2 --table "0 `blockdev --getsz $1` inlinecrypt = aes-xts-plain64 :64:logon:fde:dminlinecrypt_test_key 0 $1 0" + +:: + + #!/bin/sh + # Create a inlinecrypt device using cryptsetup and LUKS header with defau= lt cipher + cryptsetup luksFormat $1 + cryptsetup luksOpen $1 inlinecrypt1 --=20 2.34.1