system/dev/block/zxcrypt/device.h - zircon - Git at Google

 // Copyright 2017 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #pragma once

 #include <stddef.h>
 #include <stdint.h>
 #include <threads.h>

 #include <bitmap/raw-bitmap.h>
 #include <bitmap/storage.h>
 #include <crypto/cipher.h>
 #include <ddk/device.h>
 #include <ddk/protocol/block.h>
 #include <ddktl/device.h>
 #include <ddktl/protocol/block.h>
 #include <fbl/macros.h>
 #include <fbl/mutex.h>
 #include <lib/zx/port.h>
 #include <lib/zx/vmar.h>
 #include <lib/zx/vmo.h>
 #include <zircon/compiler.h>
 #include <zircon/device/block.h>
 #include <zircon/syscalls/port.h>
 #include <zircon/types.h>

 #include "extra.h"
 #include "worker.h"

 namespace zxcrypt {

 // See ddk::Device in ddktl/device.h
 class Device;
 using DeviceType = ddk::Device<Device, ddk::Ioctlable, ddk::GetSizable, ddk::Unbindable>;

 // |zxcrypt::Device| is an encrypted block device filter driver.  It binds to a block device and
 // transparently encrypts writes to/decrypts reads from that device.  It shadows incoming requests
 // with its own |zxcrypt::Op| request structure that uses a mapped VMO as working memory for
 // cryptographic transformations.
 class Device final : public DeviceType, public ddk::BlockProtocol<Device> {
 public:
     explicit Device(zx_device_t* parent);
     ~Device();

     // Called via ioctl_device_bind.  This method sets up the synchronization primitives and starts
     // the |Init| thread.
     zx_status_t Bind();

     // The body of the |Init| thread.  This method attempts to cryptographically unseal the device
     // for normal operation, and adds it to the device tree if successful.
     zx_status_t Init() __TA_EXCLUDES(mtx_);

     // ddk::Device methods; see ddktl/device.h
     zx_status_t DdkIoctl(uint32_t op, const void* in, size_t in_len, void* out, size_t out_len,
                          size_t* actual) __TA_EXCLUDES(mtx_);
     zx_off_t DdkGetSize() __TA_EXCLUDES(mtx_);
     void DdkUnbind() __TA_EXCLUDES(mtx_);
     void DdkRelease() __TA_EXCLUDES(mtx_);

     // ddk::BlockProtocol methods; see ddktl/protocol/block.h
     void BlockQuery(block_info_t* out_info, size_t* out_op_size) __TA_EXCLUDES(mtx_);
     void BlockQueue(block_op_t* block) __TA_EXCLUDES(mtx_);

     // Send |block| to the parent of the device stored in |txn->cookie|.
     void BlockForward(block_op_t* block) __TA_EXCLUDES(mtx_);

     // I/O callback invoked by the parent device.  Stored in |block->completion_cb| by |BlockQueue|.
     static void BlockComplete(block_op_t* block, zx_status_t rc) __TA_EXCLUDES(mtx_);

     // Completes a |block| returning from the parent device stored in |txn->cookie| and returns it
     // to the caller of |DdkIotxnQueue|.
     void BlockRelease(block_op_t* block, zx_status_t rc) __TA_EXCLUDES(mtx_);

 private:
     DISALLOW_COPY_ASSIGN_AND_MOVE(Device);

     // TODO(aarongreen): Investigate performance impact of changing this.
     // Number of encrypting/decrypting workers
     static const size_t kNumWorkers = 2;

     // Increments the amount of work this device has outstanding.  This should be called at the
     // start of any method that shouldn't be invoked after the device has been unbound.  It notably
     // is called in |Init| to prevent the work from dropping to zero before |DdkUnbind| is called.
     // Returns ZX_ERR_BAD_STATE if |DdkUnbind| has been called.
     zx_status_t AddTaskLocked() __TA_REQUIRES(mtx_);

     // Decrements the amount of work this task has outstanding.  This should be called whenever the
     // work started with a call to |addTask| completes.  When the amount of work reaches zero,
     // |DdkRemove| is called.  It notably is called in |DdkUnbind| to cause |DdkRemove| to be called
     // automatically once the device finishes its current workload.
     void FinishTaskLocked() __TA_REQUIRES(mtx_);

     // Attempts to reserve space in the working buffer to process |block|.  If space can't be found,
     // returns ZX_ERR_SHOULD_WAIT. In this case, the block can be re-queued using |BlockRequeue|
     // when resources are available.
     zx_status_t BlockAcquire(block_op_t* block);

     // Attempts to reserve space in the working buffer to process |len| blocks.  If space can't be
     // found returns ZX_ERR_SHOULD_WAIT, otherwise it fills in |extra| with the details of the
     // reserved space.
     zx_status_t BlockAcquireLocked(uint64_t len, extra_op_t* extra) __TA_REQUIRES(mtx_);

     // Attempts to acquire resources for a previously deferred request.  Returns:
     //  |ZX_ERR_NEXT| if successful and |ProcessBlock| can be called with |out_block| and |out_off|.
     //  |ZX_ERR_STOP| if there are no outstanding deferred requests
     //  |ZX_ERR_SHOULD_WAIT| if there still aren't enough resources available.
     zx_status_t BlockRequeue(block_op_t** out_block);

     // Take a |block|, prepare it to be transformed, and send it to a worker.
     void ProcessBlock(block_op_t* block) __TA_EXCLUDES(mtx_);

     // Marks the blocks from |off| to |off + len| as available.  Signals waiting callers if
     // |AcquireBlocks| previously returned ZX_ERR_SHOULD_WAIT.
     void ReleaseBlock(extra_op_t* extra) __TA_EXCLUDES(mtx_);

     // Unsynchronized fields

     // This struct bundles several commonly accessed fields.  The bare pointer IS owned by the
     // object; it's "constness" prevents it from being an automatic pointer but allows it to be used
     // without holding the lock.  It is allocated and "constified" in |Init|, and |DdkRelease| must
     // "deconstify" and free it.
     struct DeviceInfo {
         // The parent device's block information
         uint32_t block_size;
         // The parent device's required block_op_t size.
         size_t op_size;
         // Callbacks to the parent's block protocol methods.
         block_protocol_t proto;
         // The number of blocks reserved for metadata.
         uint64_t reserved_blocks;
         // The number of slices reserved for metadata.
         uint64_t reserved_slices;
         // A memory region used when encrypting/decrypting I/O transactions.
         zx::vmo vmo;
     };
     const DeviceInfo* info_;

     // Thread-related fields

     // The |Init| thread, used to configure and add the device.
     thrd_t init_;
     // Threads that performs encryption/decryption.
     Worker workers_[kNumWorkers];
     // Port used to send write/read operations to be encrypted/decrypted.
     zx::port port_;
     // Primary lock for accessing the fields below
     fbl::Mutex mtx_;

     // Synchronized fields

     // Indicates whether this object is ready for I/O.
     bool active_ __TA_GUARDED(mtx_);
     // The number of outstanding tasks.  See |AddTask| and |FinishTask|.
     uint64_t tasks_;
     // Base address of the VMAR backing |rw_.vmo|.
     uintptr_t mapped_ __TA_GUARDED(mtx_);
     uint8_t* base_;

     // Indicates which ops (and corresponding blocks in the VMO) are in use.
     bitmap::RawBitmapGeneric<bitmap::DefaultStorage> map_ __TA_GUARDED(mtx_);
     // Offset in the bitmap of the most recently allocated bit.
     size_t last_ __TA_GUARDED(mtx_);

     // Describes a queue of deferred block requests.
     extra_op_t* head_ __TA_GUARDED(mtx_);
     extra_op_t* tail_ __TA_GUARDED(mtx_);
 };

 } // namespace zxcrypt
	// Copyright 2017 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#pragma once

	#include <stddef.h>
	#include <stdint.h>
	#include <threads.h>

	#include <bitmap/raw-bitmap.h>
	#include <bitmap/storage.h>
	#include <crypto/cipher.h>
	#include <ddk/device.h>
	#include <ddk/protocol/block.h>
	#include <ddktl/device.h>
	#include <ddktl/protocol/block.h>
	#include <fbl/macros.h>
	#include <fbl/mutex.h>
	#include <lib/zx/port.h>
	#include <lib/zx/vmar.h>
	#include <lib/zx/vmo.h>
	#include <zircon/compiler.h>
	#include <zircon/device/block.h>
	#include <zircon/syscalls/port.h>
	#include <zircon/types.h>

	#include "extra.h"
	#include "worker.h"

	namespace zxcrypt {

	// See ddk::Device in ddktl/device.h
	class Device;
	using DeviceType = ddk::Device<Device, ddk::Ioctlable, ddk::GetSizable, ddk::Unbindable>;

	// \|zxcrypt::Device\| is an encrypted block device filter driver. It binds to a block device and
	// transparently encrypts writes to/decrypts reads from that device. It shadows incoming requests
	// with its own \|zxcrypt::Op\| request structure that uses a mapped VMO as working memory for
	// cryptographic transformations.
	class Device final : public DeviceType, public ddk::BlockProtocol<Device> {
	public:
	explicit Device(zx_device_t* parent);
	~Device();

	// Called via ioctl_device_bind. This method sets up the synchronization primitives and starts
	// the \|Init\| thread.
	zx_status_t Bind();

	// The body of the \|Init\| thread. This method attempts to cryptographically unseal the device
	// for normal operation, and adds it to the device tree if successful.
	zx_status_t Init() __TA_EXCLUDES(mtx_);

	// ddk::Device methods; see ddktl/device.h
	zx_status_t DdkIoctl(uint32_t op, const void* in, size_t in_len, void* out, size_t out_len,
	size_t* actual) __TA_EXCLUDES(mtx_);
	zx_off_t DdkGetSize() __TA_EXCLUDES(mtx_);
	void DdkUnbind() __TA_EXCLUDES(mtx_);
	void DdkRelease() __TA_EXCLUDES(mtx_);

	// ddk::BlockProtocol methods; see ddktl/protocol/block.h
	void BlockQuery(block_info_t* out_info, size_t* out_op_size) __TA_EXCLUDES(mtx_);
	void BlockQueue(block_op_t* block) __TA_EXCLUDES(mtx_);

	// Send \|block\| to the parent of the device stored in \|txn->cookie\|.
	void BlockForward(block_op_t* block) __TA_EXCLUDES(mtx_);

	// I/O callback invoked by the parent device. Stored in \|block->completion_cb\| by \|BlockQueue\|.
	static void BlockComplete(block_op_t* block, zx_status_t rc) __TA_EXCLUDES(mtx_);

	// Completes a \|block\| returning from the parent device stored in \|txn->cookie\| and returns it
	// to the caller of \|DdkIotxnQueue\|.
	void BlockRelease(block_op_t* block, zx_status_t rc) __TA_EXCLUDES(mtx_);

	private:
	DISALLOW_COPY_ASSIGN_AND_MOVE(Device);

	// TODO(aarongreen): Investigate performance impact of changing this.
	// Number of encrypting/decrypting workers
	static const size_t kNumWorkers = 2;

	// Increments the amount of work this device has outstanding. This should be called at the
	// start of any method that shouldn't be invoked after the device has been unbound. It notably
	// is called in \|Init\| to prevent the work from dropping to zero before \|DdkUnbind\| is called.
	// Returns ZX_ERR_BAD_STATE if \|DdkUnbind\| has been called.
	zx_status_t AddTaskLocked() __TA_REQUIRES(mtx_);

	// Decrements the amount of work this task has outstanding. This should be called whenever the
	// work started with a call to \|addTask\| completes. When the amount of work reaches zero,
	// \|DdkRemove\| is called. It notably is called in \|DdkUnbind\| to cause \|DdkRemove\| to be called
	// automatically once the device finishes its current workload.
	void FinishTaskLocked() __TA_REQUIRES(mtx_);

	// Attempts to reserve space in the working buffer to process \|block\|. If space can't be found,
	// returns ZX_ERR_SHOULD_WAIT. In this case, the block can be re-queued using \|BlockRequeue\|
	// when resources are available.
	zx_status_t BlockAcquire(block_op_t* block);

	// Attempts to reserve space in the working buffer to process \|len\| blocks. If space can't be
	// found returns ZX_ERR_SHOULD_WAIT, otherwise it fills in \|extra\| with the details of the
	// reserved space.
	zx_status_t BlockAcquireLocked(uint64_t len, extra_op_t* extra) __TA_REQUIRES(mtx_);

	// Attempts to acquire resources for a previously deferred request. Returns:
	// \|ZX_ERR_NEXT\| if successful and \|ProcessBlock\| can be called with \|out_block\| and \|out_off\|.
	// \|ZX_ERR_STOP\| if there are no outstanding deferred requests
	// \|ZX_ERR_SHOULD_WAIT\| if there still aren't enough resources available.
	zx_status_t BlockRequeue(block_op_t** out_block);

	// Take a \|block\|, prepare it to be transformed, and send it to a worker.
	void ProcessBlock(block_op_t* block) __TA_EXCLUDES(mtx_);

	// Marks the blocks from \|off\| to \|off + len\| as available. Signals waiting callers if
	// \|AcquireBlocks\| previously returned ZX_ERR_SHOULD_WAIT.
	void ReleaseBlock(extra_op_t* extra) __TA_EXCLUDES(mtx_);

	// Unsynchronized fields

	// This struct bundles several commonly accessed fields. The bare pointer IS owned by the
	// object; it's "constness" prevents it from being an automatic pointer but allows it to be used
	// without holding the lock. It is allocated and "constified" in \|Init\|, and \|DdkRelease\| must
	// "deconstify" and free it.
	struct DeviceInfo {
	// The parent device's block information
	uint32_t block_size;
	// The parent device's required block_op_t size.
	size_t op_size;
	// Callbacks to the parent's block protocol methods.
	block_protocol_t proto;
	// The number of blocks reserved for metadata.
	uint64_t reserved_blocks;
	// The number of slices reserved for metadata.
	uint64_t reserved_slices;
	// A memory region used when encrypting/decrypting I/O transactions.
	zx::vmo vmo;
	};
	const DeviceInfo* info_;

	// Thread-related fields

	// The \|Init\| thread, used to configure and add the device.
	thrd_t init_;
	// Threads that performs encryption/decryption.
	Worker workers_[kNumWorkers];
	// Port used to send write/read operations to be encrypted/decrypted.
	zx::port port_;
	// Primary lock for accessing the fields below
	fbl::Mutex mtx_;

	// Synchronized fields

	// Indicates whether this object is ready for I/O.
	bool active_ __TA_GUARDED(mtx_);
	// The number of outstanding tasks. See \|AddTask\| and \|FinishTask\|.
	uint64_t tasks_;
	// Base address of the VMAR backing \|rw_.vmo\|.
	uintptr_t mapped_ __TA_GUARDED(mtx_);
	uint8_t* base_;

	// Indicates which ops (and corresponding blocks in the VMO) are in use.
	bitmap::RawBitmapGeneric<bitmap::DefaultStorage> map_ __TA_GUARDED(mtx_);
	// Offset in the bitmap of the most recently allocated bit.
	size_t last_ __TA_GUARDED(mtx_);

	// Describes a queue of deferred block requests.
	extra_op_t* head_ __TA_GUARDED(mtx_);
	extra_op_t* tail_ __TA_GUARDED(mtx_);
	};

	} // namespace zxcrypt