fscrypt: log when starting to use inline encryption

When inline encryption is used, the usual message "fscrypt: AES-256-XTS
using implementation <impl>" doesn't appear in the kernel log.  Add a
similar message for the blk-crypto case that indicates that inline
encryption was used, and whether blk-crypto-fallback was used or not.
This can be useful for debugging performance problems.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20220414053415.158986-1-ebiggers@kernel.org

diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h
index 5b0a9e6478b5d4acb8cec249c92217831bdbbac1..33f08f1b1974ed158a191b0d3808e32af5ddd510 100644 (file)
--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -561,7 +561,9 @@ struct fscrypt_mode {
        int keysize;            /* key size in bytes */
        int security_strength;  /* security strength in bytes */
        int ivsize;             /* IV size in bytes */
-       int logged_impl_name;
+       int logged_cryptoapi_impl;
+       int logged_blk_crypto_native;
+       int logged_blk_crypto_fallback;
        enum blk_crypto_mode_num blk_crypto_mode;
 };
 

diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c
index 93c2ca8580923dd5ea9f0e66e72d38eb57cb0999..90f3e68f166e393fe6b14f5e54554abd20ee0f52 100644 (file)
--- a/fs/crypto/inline_crypt.c
+++ b/fs/crypto/inline_crypt.c
@@ -12,7 +12,7 @@
  * provides the key and IV to use.
  */
 
-#include <linux/blk-crypto.h>
+#include <linux/blk-crypto-profile.h>
 #include <linux/blkdev.h>
 #include <linux/buffer_head.h>
 #include <linux/sched/mm.h>
@@ -64,6 +64,35 @@ static unsigned int fscrypt_get_dun_bytes(const struct fscrypt_info *ci)
        return DIV_ROUND_UP(lblk_bits, 8);
 }
 
+/*
+ * Log a message when starting to use blk-crypto (native) or blk-crypto-fallback
+ * for an encryption mode for the first time.  This is the blk-crypto
+ * counterpart to the message logged when starting to use the crypto API for the
+ * first time.  A limitation is that these messages don't convey which specific
+ * filesystems or files are using each implementation.  However, *usually*
+ * systems use just one implementation per mode, which makes these messages
+ * helpful for debugging problems where the "wrong" implementation is used.
+ */
+static void fscrypt_log_blk_crypto_impl(struct fscrypt_mode *mode,
+                                       struct request_queue **devs,
+                                       int num_devs,
+                                       const struct blk_crypto_config *cfg)
+{
+       int i;
+
+       for (i = 0; i < num_devs; i++) {
+               if (!IS_ENABLED(CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK) ||
+                   __blk_crypto_cfg_supported(devs[i]->crypto_profile, cfg)) {
+                       if (!xchg(&mode->logged_blk_crypto_native, 1))
+                               pr_info("fscrypt: %s using blk-crypto (native)\n",
+                                       mode->friendly_name);
+               } else if (!xchg(&mode->logged_blk_crypto_fallback, 1)) {
+                       pr_info("fscrypt: %s using blk-crypto-fallback\n",
+                               mode->friendly_name);
+               }
+       }
+}
+
 /* Enable inline encryption for this file if supported. */
 int fscrypt_select_encryption_impl(struct fscrypt_info *ci)
 {
@@ -117,6 +146,8 @@ int fscrypt_select_encryption_impl(struct fscrypt_info *ci)
                        goto out_free_devs;
        }
 
+       fscrypt_log_blk_crypto_impl(ci->ci_mode, devs, num_devs, &crypto_cfg);
+
        ci->ci_inlinecrypt = true;
 out_free_devs:
        kfree(devs);

diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c
index eede186b04ce3b274b8cb7b9d9afdf8e1e45c7cc..6b509af13e0da87d2ae35137c43ab191a6c1b188 100644 (file)
--- a/fs/crypto/keysetup.c
+++ b/fs/crypto/keysetup.c
@@ -94,7 +94,7 @@ fscrypt_allocate_skcipher(struct fscrypt_mode *mode, const u8 *raw_key,
                            mode->cipher_str, PTR_ERR(tfm));
                return tfm;
        }
-       if (!xchg(&mode->logged_impl_name, 1)) {
+       if (!xchg(&mode->logged_cryptoapi_impl, 1)) {
                /*
                 * fscrypt performance can vary greatly depending on which
                 * crypto algorithm implementation is used.  Help people debug