bigbiff | 7ba7500 | 2020-04-11 20:47:09 -0400 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include "EncryptInplace.h" |
| 18 | |
| 19 | #include <ext4_utils/ext4.h> |
| 20 | #include <ext4_utils/ext4_utils.h> |
| 21 | #include <f2fs_sparseblock.h> |
| 22 | #include <fcntl.h> |
| 23 | #include <inttypes.h> |
| 24 | #include <stdint.h> |
| 25 | #include <stdio.h> |
| 26 | #include <sys/stat.h> |
| 27 | #include <sys/types.h> |
| 28 | #include <time.h> |
| 29 | |
| 30 | #include <algorithm> |
| 31 | |
| 32 | #include <android-base/logging.h> |
| 33 | #include <android-base/properties.h> |
| 34 | |
| 35 | // HORRIBLE HACK, FIXME |
| 36 | #include "cryptfs.h" |
| 37 | |
| 38 | // FIXME horrible cut-and-paste code |
| 39 | static inline int unix_read(int fd, void* buff, int len) { |
| 40 | return TEMP_FAILURE_RETRY(read(fd, buff, len)); |
| 41 | } |
| 42 | |
| 43 | static inline int unix_write(int fd, const void* buff, int len) { |
| 44 | return TEMP_FAILURE_RETRY(write(fd, buff, len)); |
| 45 | } |
| 46 | |
| 47 | #define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE) |
| 48 | |
| 49 | /* aligned 32K writes tends to make flash happy. |
| 50 | * SD card association recommends it. |
| 51 | */ |
| 52 | #ifndef CONFIG_HW_DISK_ENCRYPTION |
| 53 | #define BLOCKS_AT_A_TIME 8 |
| 54 | #else |
| 55 | #define BLOCKS_AT_A_TIME 1024 |
| 56 | #endif |
| 57 | |
| 58 | struct encryptGroupsData { |
| 59 | int realfd; |
| 60 | int cryptofd; |
| 61 | off64_t numblocks; |
| 62 | off64_t one_pct, cur_pct, new_pct; |
| 63 | off64_t blocks_already_done, tot_numblocks; |
| 64 | off64_t used_blocks_already_done, tot_used_blocks; |
| 65 | const char* real_blkdev; |
| 66 | const char* crypto_blkdev; |
| 67 | int count; |
| 68 | off64_t offset; |
| 69 | char* buffer; |
| 70 | off64_t last_written_sector; |
| 71 | int completed; |
| 72 | time_t time_started; |
| 73 | int remaining_time; |
| 74 | bool set_progress_properties; |
| 75 | }; |
| 76 | |
| 77 | static void update_progress(struct encryptGroupsData* data, int is_used) { |
| 78 | data->blocks_already_done++; |
| 79 | |
| 80 | if (is_used) { |
| 81 | data->used_blocks_already_done++; |
| 82 | } |
| 83 | if (data->tot_used_blocks) { |
| 84 | data->new_pct = data->used_blocks_already_done / data->one_pct; |
| 85 | } else { |
| 86 | data->new_pct = data->blocks_already_done / data->one_pct; |
| 87 | } |
| 88 | |
| 89 | if (!data->set_progress_properties) return; |
| 90 | |
| 91 | if (data->new_pct > data->cur_pct) { |
| 92 | char buf[8]; |
| 93 | data->cur_pct = data->new_pct; |
| 94 | snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct); |
| 95 | android::base::SetProperty("vold.encrypt_progress", buf); |
| 96 | } |
| 97 | |
| 98 | if (data->cur_pct >= 5) { |
| 99 | struct timespec time_now; |
| 100 | if (clock_gettime(CLOCK_MONOTONIC, &time_now)) { |
| 101 | LOG(WARNING) << "Error getting time"; |
| 102 | } else { |
| 103 | double elapsed_time = difftime(time_now.tv_sec, data->time_started); |
| 104 | off64_t remaining_blocks = data->tot_used_blocks - data->used_blocks_already_done; |
| 105 | int remaining_time = |
| 106 | (int)(elapsed_time * remaining_blocks / data->used_blocks_already_done); |
| 107 | |
| 108 | // Change time only if not yet set, lower, or a lot higher for |
| 109 | // best user experience |
| 110 | if (data->remaining_time == -1 || remaining_time < data->remaining_time || |
| 111 | remaining_time > data->remaining_time + 60) { |
| 112 | char buf[8]; |
| 113 | snprintf(buf, sizeof(buf), "%d", remaining_time); |
| 114 | android::base::SetProperty("vold.encrypt_time_remaining", buf); |
| 115 | data->remaining_time = remaining_time; |
| 116 | } |
| 117 | } |
| 118 | } |
| 119 | } |
| 120 | |
| 121 | static void log_progress(struct encryptGroupsData const* data, bool completed) { |
| 122 | // Precondition - if completed data = 0 else data != 0 |
| 123 | |
| 124 | // Track progress so we can skip logging blocks |
| 125 | static off64_t offset = -1; |
| 126 | |
| 127 | // Need to close existing 'Encrypting from' log? |
| 128 | if (completed || (offset != -1 && data->offset != offset)) { |
| 129 | LOG(INFO) << "Encrypted to sector " << offset / info.block_size * CRYPT_SECTOR_SIZE; |
| 130 | offset = -1; |
| 131 | } |
| 132 | |
| 133 | // Need to start new 'Encrypting from' log? |
| 134 | if (!completed && offset != data->offset) { |
| 135 | LOG(INFO) << "Encrypting from sector " << data->offset / info.block_size * CRYPT_SECTOR_SIZE; |
| 136 | } |
| 137 | |
| 138 | // Update offset |
| 139 | if (!completed) { |
| 140 | offset = data->offset + (off64_t)data->count * info.block_size; |
| 141 | } |
| 142 | } |
| 143 | |
| 144 | static int flush_outstanding_data(struct encryptGroupsData* data) { |
| 145 | if (data->count == 0) { |
| 146 | return 0; |
| 147 | } |
| 148 | |
| 149 | LOG(DEBUG) << "Copying " << data->count << " blocks at offset " << data->offset; |
| 150 | |
| 151 | if (pread64(data->realfd, data->buffer, info.block_size * data->count, data->offset) <= 0) { |
| 152 | LOG(ERROR) << "Error reading real_blkdev " << data->real_blkdev << " for inplace encrypt"; |
| 153 | return -1; |
| 154 | } |
| 155 | |
| 156 | if (pwrite64(data->cryptofd, data->buffer, info.block_size * data->count, data->offset) <= 0) { |
| 157 | LOG(ERROR) << "Error writing crypto_blkdev " << data->crypto_blkdev |
| 158 | << " for inplace encrypt"; |
| 159 | return -1; |
| 160 | } else { |
| 161 | log_progress(data, false); |
| 162 | } |
| 163 | |
| 164 | data->count = 0; |
| 165 | data->last_written_sector = |
| 166 | (data->offset + data->count) / info.block_size * CRYPT_SECTOR_SIZE - 1; |
| 167 | return 0; |
| 168 | } |
| 169 | |
| 170 | static int encrypt_groups(struct encryptGroupsData* data) { |
| 171 | unsigned int i; |
| 172 | u8* block_bitmap = 0; |
| 173 | unsigned int block; |
| 174 | off64_t ret; |
| 175 | int rc = -1; |
| 176 | |
| 177 | data->buffer = (char*)malloc(info.block_size * BLOCKS_AT_A_TIME); |
| 178 | if (!data->buffer) { |
| 179 | LOG(ERROR) << "Failed to allocate crypto buffer"; |
| 180 | goto errout; |
| 181 | } |
| 182 | |
| 183 | block_bitmap = (u8*)malloc(info.block_size); |
| 184 | if (!block_bitmap) { |
| 185 | LOG(ERROR) << "failed to allocate block bitmap"; |
| 186 | goto errout; |
| 187 | } |
| 188 | |
| 189 | for (i = 0; i < aux_info.groups; ++i) { |
| 190 | LOG(INFO) << "Encrypting group " << i; |
| 191 | |
| 192 | u32 first_block = aux_info.first_data_block + i * info.blocks_per_group; |
| 193 | u32 block_count = std::min(info.blocks_per_group, (u32)(aux_info.len_blocks - first_block)); |
| 194 | |
| 195 | off64_t offset = (u64)info.block_size * aux_info.bg_desc[i].bg_block_bitmap; |
| 196 | |
| 197 | ret = pread64(data->realfd, block_bitmap, info.block_size, offset); |
| 198 | if (ret != (int)info.block_size) { |
| 199 | LOG(ERROR) << "failed to read all of block group bitmap " << i; |
| 200 | goto errout; |
| 201 | } |
| 202 | |
| 203 | offset = (u64)info.block_size * first_block; |
| 204 | |
| 205 | data->count = 0; |
| 206 | |
| 207 | for (block = 0; block < block_count; block++) { |
| 208 | int used = (aux_info.bg_desc[i].bg_flags & EXT4_BG_BLOCK_UNINIT) |
| 209 | ? 0 |
| 210 | : bitmap_get_bit(block_bitmap, block); |
| 211 | update_progress(data, used); |
| 212 | if (used) { |
| 213 | if (data->count == 0) { |
| 214 | data->offset = offset; |
| 215 | } |
| 216 | data->count++; |
| 217 | } else { |
| 218 | if (flush_outstanding_data(data)) { |
| 219 | goto errout; |
| 220 | } |
| 221 | } |
| 222 | |
| 223 | offset += info.block_size; |
| 224 | |
| 225 | /* Write data if we are aligned or buffer size reached */ |
| 226 | if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0 || |
| 227 | data->count == BLOCKS_AT_A_TIME) { |
| 228 | if (flush_outstanding_data(data)) { |
| 229 | goto errout; |
| 230 | } |
| 231 | } |
| 232 | } |
| 233 | if (flush_outstanding_data(data)) { |
| 234 | goto errout; |
| 235 | } |
| 236 | } |
| 237 | |
| 238 | data->completed = 1; |
| 239 | rc = 0; |
| 240 | |
| 241 | errout: |
| 242 | log_progress(0, true); |
| 243 | free(data->buffer); |
| 244 | free(block_bitmap); |
| 245 | return rc; |
| 246 | } |
| 247 | |
| 248 | static int cryptfs_enable_inplace_ext4(const char* crypto_blkdev, const char* real_blkdev, |
| 249 | off64_t size, off64_t* size_already_done, off64_t tot_size, |
| 250 | off64_t previously_encrypted_upto, |
| 251 | bool set_progress_properties) { |
| 252 | u32 i; |
| 253 | struct encryptGroupsData data; |
| 254 | int rc; // Can't initialize without causing warning -Wclobbered |
| 255 | int retries = RETRY_MOUNT_ATTEMPTS; |
| 256 | struct timespec time_started = {0}; |
| 257 | |
| 258 | if (previously_encrypted_upto > *size_already_done) { |
| 259 | LOG(DEBUG) << "Not fast encrypting since resuming part way through"; |
| 260 | return -1; |
| 261 | } |
| 262 | |
| 263 | memset(&data, 0, sizeof(data)); |
| 264 | data.real_blkdev = real_blkdev; |
| 265 | data.crypto_blkdev = crypto_blkdev; |
| 266 | data.set_progress_properties = set_progress_properties; |
| 267 | |
| 268 | LOG(DEBUG) << "Opening" << real_blkdev; |
| 269 | if ((data.realfd = open(real_blkdev, O_RDWR | O_CLOEXEC)) < 0) { |
| 270 | PLOG(ERROR) << "Error opening real_blkdev " << real_blkdev << " for inplace encrypt"; |
| 271 | rc = -1; |
| 272 | goto errout; |
| 273 | } |
| 274 | |
| 275 | LOG(DEBUG) << "Opening" << crypto_blkdev; |
| 276 | // Wait until the block device appears. Re-use the mount retry values since it is reasonable. |
| 277 | while ((data.cryptofd = open(crypto_blkdev, O_WRONLY | O_CLOEXEC)) < 0) { |
| 278 | if (--retries) { |
| 279 | PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev |
| 280 | << " for ext4 inplace encrypt, retrying"; |
| 281 | sleep(RETRY_MOUNT_DELAY_SECONDS); |
| 282 | } else { |
| 283 | PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev |
| 284 | << " for ext4 inplace encrypt"; |
| 285 | rc = ENABLE_INPLACE_ERR_DEV; |
| 286 | goto errout; |
| 287 | } |
| 288 | } |
| 289 | |
| 290 | if (setjmp(setjmp_env)) { // NOLINT |
| 291 | LOG(ERROR) << "Reading ext4 extent caused an exception"; |
| 292 | rc = -1; |
| 293 | goto errout; |
| 294 | } |
| 295 | |
| 296 | if (read_ext(data.realfd, 0) != 0) { |
| 297 | LOG(ERROR) << "Failed to read ext4 extent"; |
| 298 | rc = -1; |
| 299 | goto errout; |
| 300 | } |
| 301 | |
| 302 | data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE; |
| 303 | data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE; |
| 304 | data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE; |
| 305 | |
| 306 | LOG(INFO) << "Encrypting ext4 filesystem in place..."; |
| 307 | |
| 308 | data.tot_used_blocks = data.numblocks; |
| 309 | for (i = 0; i < aux_info.groups; ++i) { |
| 310 | data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count; |
| 311 | } |
| 312 | |
| 313 | data.one_pct = data.tot_used_blocks / 100; |
| 314 | data.cur_pct = 0; |
| 315 | |
| 316 | if (clock_gettime(CLOCK_MONOTONIC, &time_started)) { |
| 317 | LOG(WARNING) << "Error getting time at start"; |
| 318 | // Note - continue anyway - we'll run with 0 |
| 319 | } |
| 320 | data.time_started = time_started.tv_sec; |
| 321 | data.remaining_time = -1; |
| 322 | |
| 323 | rc = encrypt_groups(&data); |
| 324 | if (rc) { |
| 325 | LOG(ERROR) << "Error encrypting groups"; |
| 326 | goto errout; |
| 327 | } |
| 328 | |
| 329 | *size_already_done += data.completed ? size : data.last_written_sector; |
| 330 | rc = 0; |
| 331 | |
| 332 | errout: |
| 333 | close(data.realfd); |
| 334 | close(data.cryptofd); |
| 335 | |
| 336 | return rc; |
| 337 | } |
| 338 | |
| 339 | static void log_progress_f2fs(u64 block, bool completed) { |
| 340 | // Precondition - if completed data = 0 else data != 0 |
| 341 | |
| 342 | // Track progress so we can skip logging blocks |
| 343 | static u64 last_block = (u64)-1; |
| 344 | |
| 345 | // Need to close existing 'Encrypting from' log? |
| 346 | if (completed || (last_block != (u64)-1 && block != last_block + 1)) { |
| 347 | LOG(INFO) << "Encrypted to block " << last_block; |
| 348 | last_block = -1; |
| 349 | } |
| 350 | |
| 351 | // Need to start new 'Encrypting from' log? |
| 352 | if (!completed && (last_block == (u64)-1 || block != last_block + 1)) { |
| 353 | LOG(INFO) << "Encrypting from block " << block; |
| 354 | } |
| 355 | |
| 356 | // Update offset |
| 357 | if (!completed) { |
| 358 | last_block = block; |
| 359 | } |
| 360 | } |
| 361 | |
| 362 | static int encrypt_one_block_f2fs(u64 pos, void* data) { |
| 363 | struct encryptGroupsData* priv_dat = (struct encryptGroupsData*)data; |
| 364 | |
| 365 | priv_dat->blocks_already_done = pos - 1; |
| 366 | update_progress(priv_dat, 1); |
| 367 | |
| 368 | off64_t offset = pos * CRYPT_INPLACE_BUFSIZE; |
| 369 | |
| 370 | if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) { |
| 371 | LOG(ERROR) << "Error reading real_blkdev " << priv_dat->crypto_blkdev |
| 372 | << " for f2fs inplace encrypt"; |
| 373 | return -1; |
| 374 | } |
| 375 | |
| 376 | if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) { |
| 377 | LOG(ERROR) << "Error writing crypto_blkdev " << priv_dat->crypto_blkdev |
| 378 | << " for f2fs inplace encrypt"; |
| 379 | return -1; |
| 380 | } else { |
| 381 | log_progress_f2fs(pos, false); |
| 382 | } |
| 383 | |
| 384 | return 0; |
| 385 | } |
| 386 | |
| 387 | static int cryptfs_enable_inplace_f2fs(const char* crypto_blkdev, const char* real_blkdev, |
| 388 | off64_t size, off64_t* size_already_done, off64_t tot_size, |
| 389 | off64_t previously_encrypted_upto, |
| 390 | bool set_progress_properties) { |
| 391 | struct encryptGroupsData data; |
| 392 | struct f2fs_info* f2fs_info = NULL; |
| 393 | int rc = ENABLE_INPLACE_ERR_OTHER; |
| 394 | if (previously_encrypted_upto > *size_already_done) { |
| 395 | LOG(DEBUG) << "Not fast encrypting since resuming part way through"; |
| 396 | return ENABLE_INPLACE_ERR_OTHER; |
| 397 | } |
| 398 | memset(&data, 0, sizeof(data)); |
| 399 | data.real_blkdev = real_blkdev; |
| 400 | data.crypto_blkdev = crypto_blkdev; |
| 401 | data.set_progress_properties = set_progress_properties; |
| 402 | data.realfd = -1; |
| 403 | data.cryptofd = -1; |
| 404 | if ((data.realfd = open64(real_blkdev, O_RDWR | O_CLOEXEC)) < 0) { |
| 405 | PLOG(ERROR) << "Error opening real_blkdev " << real_blkdev << " for f2fs inplace encrypt"; |
| 406 | goto errout; |
| 407 | } |
| 408 | if ((data.cryptofd = open64(crypto_blkdev, O_WRONLY | O_CLOEXEC)) < 0) { |
| 409 | PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev |
| 410 | << " for f2fs inplace encrypt"; |
| 411 | rc = ENABLE_INPLACE_ERR_DEV; |
| 412 | goto errout; |
| 413 | } |
| 414 | |
| 415 | f2fs_info = generate_f2fs_info(data.realfd); |
| 416 | if (!f2fs_info) goto errout; |
| 417 | |
| 418 | data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE; |
| 419 | data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE; |
| 420 | data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE; |
| 421 | |
| 422 | data.tot_used_blocks = get_num_blocks_used(f2fs_info); |
| 423 | |
| 424 | data.one_pct = data.tot_used_blocks / 100; |
| 425 | data.cur_pct = 0; |
| 426 | data.time_started = time(NULL); |
| 427 | data.remaining_time = -1; |
| 428 | |
| 429 | data.buffer = (char*)malloc(f2fs_info->block_size); |
| 430 | if (!data.buffer) { |
| 431 | LOG(ERROR) << "Failed to allocate crypto buffer"; |
| 432 | goto errout; |
| 433 | } |
| 434 | |
| 435 | data.count = 0; |
| 436 | |
| 437 | /* Currently, this either runs to completion, or hits a nonrecoverable error */ |
| 438 | rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data); |
| 439 | |
| 440 | if (rc) { |
| 441 | LOG(ERROR) << "Error in running over f2fs blocks"; |
| 442 | rc = ENABLE_INPLACE_ERR_OTHER; |
| 443 | goto errout; |
| 444 | } |
| 445 | |
| 446 | *size_already_done += size; |
| 447 | rc = 0; |
| 448 | |
| 449 | errout: |
| 450 | if (rc) LOG(ERROR) << "Failed to encrypt f2fs filesystem on " << real_blkdev; |
| 451 | |
| 452 | log_progress_f2fs(0, true); |
| 453 | free(f2fs_info); |
| 454 | free(data.buffer); |
| 455 | close(data.realfd); |
| 456 | close(data.cryptofd); |
| 457 | |
| 458 | return rc; |
| 459 | } |
| 460 | |
| 461 | static int cryptfs_enable_inplace_full(const char* crypto_blkdev, const char* real_blkdev, |
| 462 | off64_t size, off64_t* size_already_done, off64_t tot_size, |
| 463 | off64_t previously_encrypted_upto, |
| 464 | bool set_progress_properties) { |
| 465 | int realfd, cryptofd; |
| 466 | char* buf[CRYPT_INPLACE_BUFSIZE]; |
| 467 | int rc = ENABLE_INPLACE_ERR_OTHER; |
| 468 | off64_t numblocks, i, remainder; |
| 469 | off64_t one_pct, cur_pct, new_pct; |
| 470 | off64_t blocks_already_done, tot_numblocks; |
| 471 | |
| 472 | if ((realfd = open(real_blkdev, O_RDONLY | O_CLOEXEC)) < 0) { |
| 473 | PLOG(ERROR) << "Error opening real_blkdev " << real_blkdev << " for inplace encrypt"; |
| 474 | return ENABLE_INPLACE_ERR_OTHER; |
| 475 | } |
| 476 | |
| 477 | if ((cryptofd = open(crypto_blkdev, O_WRONLY | O_CLOEXEC)) < 0) { |
| 478 | PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev << " for inplace encrypt"; |
| 479 | close(realfd); |
| 480 | return ENABLE_INPLACE_ERR_DEV; |
| 481 | } |
| 482 | |
| 483 | /* This is pretty much a simple loop of reading 4K, and writing 4K. |
| 484 | * The size passed in is the number of 512 byte sectors in the filesystem. |
| 485 | * So compute the number of whole 4K blocks we should read/write, |
| 486 | * and the remainder. |
| 487 | */ |
| 488 | numblocks = size / CRYPT_SECTORS_PER_BUFSIZE; |
| 489 | remainder = size % CRYPT_SECTORS_PER_BUFSIZE; |
| 490 | tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE; |
| 491 | blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE; |
| 492 | |
| 493 | LOG(ERROR) << "Encrypting filesystem in place..."; |
| 494 | |
| 495 | i = previously_encrypted_upto + 1 - *size_already_done; |
| 496 | |
| 497 | if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) { |
| 498 | PLOG(ERROR) << "Cannot seek to previously encrypted point on " << real_blkdev; |
| 499 | goto errout; |
| 500 | } |
| 501 | |
| 502 | if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) { |
| 503 | PLOG(ERROR) << "Cannot seek to previously encrypted point on " << crypto_blkdev; |
| 504 | goto errout; |
| 505 | } |
| 506 | |
| 507 | for (; i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) { |
| 508 | if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) { |
| 509 | PLOG(ERROR) << "Error reading initial sectors from real_blkdev " << real_blkdev |
| 510 | << " for inplace encrypt"; |
| 511 | goto errout; |
| 512 | } |
| 513 | if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) { |
| 514 | PLOG(ERROR) << "Error writing initial sectors to crypto_blkdev " << crypto_blkdev |
| 515 | << " for inplace encrypt"; |
| 516 | goto errout; |
| 517 | } else { |
| 518 | LOG(INFO) << "Encrypted 1 block at " << i; |
| 519 | } |
| 520 | } |
| 521 | |
| 522 | one_pct = tot_numblocks / 100; |
| 523 | cur_pct = 0; |
| 524 | /* process the majority of the filesystem in blocks */ |
| 525 | for (i /= CRYPT_SECTORS_PER_BUFSIZE; i < numblocks; i++) { |
| 526 | new_pct = (i + blocks_already_done) / one_pct; |
| 527 | if (set_progress_properties && new_pct > cur_pct) { |
| 528 | char property_buf[8]; |
| 529 | |
| 530 | cur_pct = new_pct; |
| 531 | snprintf(property_buf, sizeof(property_buf), "%" PRId64, cur_pct); |
| 532 | android::base::SetProperty("vold.encrypt_progress", property_buf); |
| 533 | } |
| 534 | if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) { |
| 535 | PLOG(ERROR) << "Error reading real_blkdev " << real_blkdev << " for inplace encrypt"; |
| 536 | goto errout; |
| 537 | } |
| 538 | if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) { |
| 539 | PLOG(ERROR) << "Error writing crypto_blkdev " << crypto_blkdev << " for inplace encrypt"; |
| 540 | goto errout; |
| 541 | } else { |
| 542 | LOG(DEBUG) << "Encrypted " << CRYPT_SECTORS_PER_BUFSIZE << " block at " |
| 543 | << i * CRYPT_SECTORS_PER_BUFSIZE; |
| 544 | } |
| 545 | } |
| 546 | |
| 547 | /* Do any remaining sectors */ |
| 548 | for (i = 0; i < remainder; i++) { |
| 549 | if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) { |
| 550 | LOG(ERROR) << "Error reading final sectors from real_blkdev " << real_blkdev |
| 551 | << " for inplace encrypt"; |
| 552 | goto errout; |
| 553 | } |
| 554 | if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) { |
| 555 | LOG(ERROR) << "Error writing final sectors to crypto_blkdev " << crypto_blkdev |
| 556 | << " for inplace encrypt"; |
| 557 | goto errout; |
| 558 | } else { |
| 559 | LOG(INFO) << "Encrypted 1 block at next location"; |
| 560 | } |
| 561 | } |
| 562 | |
| 563 | *size_already_done += size; |
| 564 | rc = 0; |
| 565 | |
| 566 | errout: |
| 567 | close(realfd); |
| 568 | close(cryptofd); |
| 569 | |
| 570 | return rc; |
| 571 | } |
| 572 | |
| 573 | /* returns on of the ENABLE_INPLACE_* return codes */ |
| 574 | int cryptfs_enable_inplace(const char* crypto_blkdev, const char* real_blkdev, off64_t size, |
| 575 | off64_t* size_already_done, off64_t tot_size, |
| 576 | off64_t previously_encrypted_upto, bool set_progress_properties) { |
| 577 | int rc_ext4, rc_f2fs, rc_full; |
| 578 | LOG(DEBUG) << "cryptfs_enable_inplace(" << crypto_blkdev << ", " << real_blkdev << ", " << size |
| 579 | << ", " << size_already_done << ", " << tot_size << ", " << previously_encrypted_upto |
| 580 | << ", " << set_progress_properties << ")"; |
| 581 | if (previously_encrypted_upto) { |
| 582 | LOG(DEBUG) << "Continuing encryption from " << previously_encrypted_upto; |
| 583 | } |
| 584 | |
| 585 | if (*size_already_done + size < previously_encrypted_upto) { |
| 586 | LOG(DEBUG) << "cryptfs_enable_inplace already done"; |
| 587 | *size_already_done += size; |
| 588 | return 0; |
| 589 | } |
| 590 | |
| 591 | /* TODO: identify filesystem type. |
| 592 | * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and |
| 593 | * then we will drop down to cryptfs_enable_inplace_f2fs. |
| 594 | * */ |
| 595 | if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev, size, size_already_done, |
| 596 | tot_size, previously_encrypted_upto, |
| 597 | set_progress_properties)) == 0) { |
| 598 | LOG(DEBUG) << "cryptfs_enable_inplace_ext4 success"; |
| 599 | return 0; |
| 600 | } |
| 601 | LOG(DEBUG) << "cryptfs_enable_inplace_ext4()=" << rc_ext4; |
| 602 | |
| 603 | if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev, size, size_already_done, |
| 604 | tot_size, previously_encrypted_upto, |
| 605 | set_progress_properties)) == 0) { |
| 606 | LOG(DEBUG) << "cryptfs_enable_inplace_f2fs success"; |
| 607 | return 0; |
| 608 | } |
| 609 | LOG(DEBUG) << "cryptfs_enable_inplace_f2fs()=" << rc_f2fs; |
| 610 | |
| 611 | rc_full = |
| 612 | cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev, size, size_already_done, tot_size, |
| 613 | previously_encrypted_upto, set_progress_properties); |
| 614 | LOG(DEBUG) << "cryptfs_enable_inplace_full()=" << rc_full; |
| 615 | |
| 616 | /* Hack for b/17898962, the following is the symptom... */ |
| 617 | if (rc_ext4 == ENABLE_INPLACE_ERR_DEV && rc_f2fs == ENABLE_INPLACE_ERR_DEV && |
| 618 | rc_full == ENABLE_INPLACE_ERR_DEV) { |
| 619 | LOG(DEBUG) << "ENABLE_INPLACE_ERR_DEV"; |
| 620 | return ENABLE_INPLACE_ERR_DEV; |
| 621 | } |
| 622 | return rc_full; |
| 623 | } |