LinuxQuestions.org - Transparent encryption/decryption on top of block device

- Linux - Kernel (https://www.linuxquestions.org/questions/linux-kernel-70/)

- - Transparent encryption/decryption on top of block device (https://www.linuxquestions.org/questions/linux-kernel-70/transparent-encryption-decryption-on-top-of-block-device-4175637298/)

Transparent encryption/decryption on top of block device

Hi All!

Need help!

I have tried to implement a block layered device driver which performs transparent encryption/decryption of data by interception WRITE/READ request ...
Now I have tried to resolve problem with incorrect data buffers content when more then one process performs I/O on block device like /dev/sda.

A part of driver is placed for review at :
http://codepad.org/IEqHY9er

Code:

static        void        __dua_bio_endio        (

                        struct bio *        iob

                                )

{

IOB_ARGS *iob_args = NULL;

struct bio *orig_bio = NULL;



        iob_args = iob->bi_private;



        if ( bio_data_dir(iob) == READ )

                {

                /* Restore has been replaced fields ... */

                iob->bi_end_io = iob_args->bi_end_io;

                iob->bi_private = iob_args->bi_private;

                iob->bi_iter = iob_args->bi_iter;



                /*

                * In case of READ request - we getting original READ BIO,

                * so we should decrypt data buffer right now at the place

                */

                __dua_bio_enc_dec(iob, iob_args->bi_sector, DUDRV$K_DECRYPT);



                /* Decrement reference count to original BIO        */

                bio_put(iob);



                /* Call Complete I/O for original BIO */

                bio_endio (iob);

                }

...

}

As u can see data decrypted on the place.

Why can't you add a flag to indicate whether the block has already been processed?

Quote:

Originally Posted by smallpond (Post 5898668)

Why can't you add a flag to indicate whether the block has already been processed?

It will not help because a single BIO can carry a huge number of disk blocks, more over bottom level device driver can call make_request_fn() routine to splitting big BIO to several small ...