This is a note to let you know that I've just added the patch titled blk-crypto: make blk_crypto_evict_key() return void to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: blk-crypto-make-blk_crypto_evict_key-return-void.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From stable-owner@xxxxxxxxxxxxxxx Thu May 4 13:03:45 2023 From: Eric Biggers <ebiggers@xxxxxxxxxx> Date: Wed, 3 May 2023 21:03:28 -0700 Subject: blk-crypto: make blk_crypto_evict_key() return void To: stable@xxxxxxxxxxxxxxx Cc: linux-block@xxxxxxxxxxxxxxx, Christoph Hellwig <hch@xxxxxx>, Jens Axboe <axboe@xxxxxxxxx> Message-ID: <20230504040329.106127-3-ebiggers@xxxxxxxxxx> From: Eric Biggers <ebiggers@xxxxxxxxxx> commit 70493a63ba04f754f7a7dd53a4fcc82700181490 upstream. blk_crypto_evict_key() is only called in contexts such as inode eviction where failure is not an option. So there is nothing the caller can do with errors except log them. (dm-table.c does "use" the error code, but only to pass on to upper layers, so it doesn't really count.) Just make blk_crypto_evict_key() return void and log errors itself. Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> Reviewed-by: Christoph Hellwig <hch@xxxxxx> Link: https://lore.kernel.org/r/20230315183907.53675-2-ebiggers@xxxxxxxxxx Signed-off-by: Jens Axboe <axboe@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- block/blk-crypto.c | 22 ++++++++++------------ drivers/md/dm-table.c | 19 +++++-------------- include/linux/blk-crypto.h | 4 ++-- 3 files changed, 17 insertions(+), 28 deletions(-) --- a/block/blk-crypto.c +++ b/block/blk-crypto.c @@ -13,6 +13,7 @@ #include <linux/blkdev.h> #include <linux/keyslot-manager.h> #include <linux/module.h> +#include <linux/ratelimit.h> #include <linux/slab.h> #include "blk-crypto-internal.h" @@ -393,20 +394,17 @@ int blk_crypto_start_using_key(const str * Upper layers (filesystems) must call this function to ensure that a key is * evicted from any hardware that it might have been programmed into. The key * must not be in use by any in-flight IO when this function is called. - * - * Return: 0 on success or if key is not present in the q's ksm, -err on error. */ -int blk_crypto_evict_key(struct request_queue *q, - const struct blk_crypto_key *key) +void blk_crypto_evict_key(struct request_queue *q, + const struct blk_crypto_key *key) { - if (blk_ksm_crypto_cfg_supported(q->ksm, &key->crypto_cfg)) - return blk_ksm_evict_key(q->ksm, key); + int err; - /* - * If the request queue's associated inline encryption hardware didn't - * have support for the key, then the key might have been programmed - * into the fallback keyslot manager, so try to evict from there. - */ - return blk_crypto_fallback_evict_key(key); + if (blk_ksm_crypto_cfg_supported(q->ksm, &key->crypto_cfg)) + err = blk_ksm_evict_key(q->ksm, key); + else + err = blk_crypto_fallback_evict_key(key); + if (err) + pr_warn_ratelimited("error %d evicting key\n", err); } EXPORT_SYMBOL_GPL(blk_crypto_evict_key); --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -1191,21 +1191,12 @@ struct dm_keyslot_manager { struct mapped_device *md; }; -struct dm_keyslot_evict_args { - const struct blk_crypto_key *key; - int err; -}; - static int dm_keyslot_evict_callback(struct dm_target *ti, struct dm_dev *dev, sector_t start, sector_t len, void *data) { - struct dm_keyslot_evict_args *args = data; - int err; + const struct blk_crypto_key *key = data; - err = blk_crypto_evict_key(bdev_get_queue(dev->bdev), args->key); - if (!args->err) - args->err = err; - /* Always try to evict the key from all devices. */ + blk_crypto_evict_key(bdev_get_queue(dev->bdev), key); return 0; } @@ -1220,7 +1211,6 @@ static int dm_keyslot_evict(struct blk_k struct dm_keyslot_manager, ksm); struct mapped_device *md = dksm->md; - struct dm_keyslot_evict_args args = { key }; struct dm_table *t; int srcu_idx; int i; @@ -1233,10 +1223,11 @@ static int dm_keyslot_evict(struct blk_k ti = dm_table_get_target(t, i); if (!ti->type->iterate_devices) continue; - ti->type->iterate_devices(ti, dm_keyslot_evict_callback, &args); + ti->type->iterate_devices(ti, dm_keyslot_evict_callback, + (void *)key); } dm_put_live_table(md, srcu_idx); - return args.err; + return 0; } static const struct blk_ksm_ll_ops dm_ksm_ll_ops = { --- a/include/linux/blk-crypto.h +++ b/include/linux/blk-crypto.h @@ -97,8 +97,8 @@ int blk_crypto_init_key(struct blk_crypt int blk_crypto_start_using_key(const struct blk_crypto_key *key, struct request_queue *q); -int blk_crypto_evict_key(struct request_queue *q, - const struct blk_crypto_key *key); +void blk_crypto_evict_key(struct request_queue *q, + const struct blk_crypto_key *key); bool blk_crypto_config_supported(struct request_queue *q, const struct blk_crypto_config *cfg); Patches currently in stable-queue which might be from stable-owner@xxxxxxxxxxxxxxx are queue-5.15/blk-crypto-make-blk_crypto_evict_key-more-robust.patch queue-5.15/blk-mq-release-crypto-keyslot-before-reporting-i-o-complete.patch queue-5.15/blk-crypto-make-blk_crypto_evict_key-return-void.patch