Transparent encryption/decryption on top of block device

dr.SysMan · 08-28-2018, 06:57 AM

Hi All!

Need help!

I have tried to implement a block layered device driver which performs transparent encryption/decryption of data by interception WRITE/READ request ...
Now I have tried to resolve problem with incorrect data buffers content when more then one process performs I/O on block device like /dev/sda.

A part of driver is placed for review at :
http://codepad.org/IEqHY9er

Code:

static	void	__dua_bio_endio	(
			struct bio *	iob
				)
{
IOB_ARGS *iob_args = NULL;
struct bio *orig_bio = NULL;

	iob_args = iob->bi_private;

	if ( bio_data_dir(iob) == READ )
		{
		/* Restore has been replaced fields ... */
		iob->bi_end_io = iob_args->bi_end_io;
		iob->bi_private = iob_args->bi_private;
		iob->bi_iter = iob_args->bi_iter;

		/*
		 * In case of READ request - we getting original READ BIO,
		 * so we should decrypt data buffer right now at the place
		 */
		__dua_bio_enc_dec(iob, iob_args->bi_sector, DUDRV$K_DECRYPT);

		/* Decrement reference count to original BIO	*/
		bio_put(iob);

		/* Call Complete I/O for original BIO */
		bio_endio (iob);
		}
...
}

As u can see data decrypted on the place.

smallpond · 09-01-2018, 08:24 AM

Why can't you add a flag to indicate whether the block has already been processed?

dr.SysMan · 11-13-2018, 08:24 AM

Quote:

Originally Posted by smallpond

Why can't you add a flag to indicate whether the block has already been processed?

It will not help because a single BIO can carry a huge number of disk blocks, more over bottom level device driver can call make_request_fn() routine to splitting big BIO to several small ...