#
81bcf6ec |
|
26-Jun-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrpyt] Improve driver logging This CL adds more zxlogf(SPEW)s to track control flow through the driver when requested. Test: zxcrypt unit tests Change-Id: I72e455b156e535b3844244e08bf4321c64e9b0ec
|
#
252d2a08 |
|
10-Jul-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Save and restore offset_vmo This CL adds block_op_t.rw.offset_vmo to the fields saved and restored by the zxcrypt driver. Some real disks modify the VMO offset, which led to it being incorrect when trying to decrypt certain reads, which in turn caused the devhost to page fault. SEC-26 #comment bugfix Change-Id: I535c5f2159891fded8d94b1761e159226d6dfc09 Tests: Manually via mkfs/fsck with minfs, and the zxcrypt unit tests
|
#
6d81a871 |
|
22-Jun-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Zero-copy reads Relanding CL 156789 with flake fixes in place. This CL refactors the zxcrypt encrypted block device filter driver. this driver uses an internal buffer to hide cryptographic transformations from the upper layers. For example, if a filesystem uses some memory to write a block and then reads from that memory, it may reasonably expect to find the plaintext data it wrote. However, in the case of reads the previous contents of the buffer are always clobbered. As a result, there's no downside to doing the decryption in-place, and the internal buffer can be avoided. As part of this refactor, efforts were also made to lean more on atomics where possible and reduce locking to only those concerns which directly affect the internal write buffer. As a consequence, the lifecycle code around DdkUnbind and DdkRelease was also improved. ZX-1811 #comment Bypasses copying between VMOs on read. Test: zxcrypt unit tests. Change-Id: I9755a109d3ed509f95b1f40eab5e2a896cfa6bd9
|
#
cf17e435 |
|
22-Jun-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Replace custom queue with list_node_t This CL replaces the custom queue managed by |head_| and |tail_| with a list_node_t. At least one ASAN flake was observed in the queue code. Rather than hunt down racy edge cases, a better approach is to replace it with a known good implementation. SEC-26 #comment Removes blocking flake Test: zxcrypt unit tests Change-Id: I1e886980ea33a0ac912b2d08e388b31b556a5c94
|
#
8bf6108e |
|
22-Jun-2018 |
Aaron Green <aarongreen@google.com> |
Revert "[zxcrypt] Zero-copy reads" This reverts commit 0137fff03c613c941bc268d263d2770532cc2948. Reason for revert: CL appears to have introduced test flake in TestVmoFirstBlockFvm_AES256_XTS_SHA256. Original change's description: > [zxcrypt] Zero-copy reads > > This CL refactors the zxcrypt encrypted block device filter driver. this > driver uses an internal buffer to hide cryptographic transformations > from the upper layers. For example, if a filesystem uses some memory to > write a block and then reads from that memory, it may reasonably expect > to find the plaintext data it wrote. > > However, in the case of reads the previous contents of the buffer are > always clobbered. As a result, there's no downside to doing the > decryption in-place, and the internal buffer can be avoided. > > As part of this refactor, efforts were also made to lean more on atomics > where possible and reduce locking to only those concerns which directly > affect the internal write buffer. As a consequence, the lifecycle code > around DdkUnbind and DdkRelease was also improved. > > ZX-1811 #comment Should improve, performace, will measure and update > > Test: Ran zxcrypt unit tests. > > Change-Id: I929e8499ee9f0d359bede2f75530b75da5e86070 TBR=smklein@google.com,aarongreen@google.com,joshlf@google.com Change-Id: I1fe983ba124108d4ae6361ac7729949f503e4309 No-Presubmit: true No-Tree-Checks: true No-Try: true
|
#
0137fff0 |
|
21-May-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Zero-copy reads This CL refactors the zxcrypt encrypted block device filter driver. this driver uses an internal buffer to hide cryptographic transformations from the upper layers. For example, if a filesystem uses some memory to write a block and then reads from that memory, it may reasonably expect to find the plaintext data it wrote. However, in the case of reads the previous contents of the buffer are always clobbered. As a result, there's no downside to doing the decryption in-place, and the internal buffer can be avoided. As part of this refactor, efforts were also made to lean more on atomics where possible and reduce locking to only those concerns which directly affect the internal write buffer. As a consequence, the lifecycle code around DdkUnbind and DdkRelease was also improved. ZX-1811 #comment Should improve, performace, will measure and update Test: Ran zxcrypt unit tests. Change-Id: I929e8499ee9f0d359bede2f75530b75da5e86070
|
#
dacd6af7 |
|
24-Apr-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Don't cache parent block information This CL removes the copy of the block_info_t from the zxcrypt device. Caching such information caused it to be invalid after FVM resizes. This also caused the 'synthetic' block size to be removed, which hasn't been needed since the Jan. refactor, and which broke atomicity with lower layers. ZX-1948 #comment Fixed Change-Id: I8d2e9ab8eb965f7ead1796eb38d9dc0e6ee939f8
|