Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include "EncryptInplace.h" |
| 18 | |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 19 | #include <ext4_utils/ext4.h> |
| 20 | #include <ext4_utils/ext4_utils.h> |
| 21 | #include <f2fs_sparseblock.h> |
Paul Crowley | 14c8c07 | 2018-09-18 13:30:21 -0700 | [diff] [blame] | 22 | #include <fcntl.h> |
Paul Crowley | 14c8c07 | 2018-09-18 13:30:21 -0700 | [diff] [blame] | 23 | #include <time.h> |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 24 | |
| 25 | #include <algorithm> |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 26 | #include <vector> |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 27 | |
Paul Crowley | 772cc85 | 2018-02-01 09:53:27 -0800 | [diff] [blame] | 28 | #include <android-base/logging.h> |
| 29 | #include <android-base/properties.h> |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 30 | #include <android-base/unique_fd.h> |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 31 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 32 | enum EncryptInPlaceError { |
| 33 | kSuccess, |
| 34 | kFailed, |
| 35 | kFilesystemNotFound, |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 36 | }; |
| 37 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 38 | static uint64_t round_up(uint64_t val, size_t amount) { |
| 39 | if (val % amount) val += amount - (val % amount); |
| 40 | return val; |
| 41 | } |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 42 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 43 | class InPlaceEncrypter { |
| 44 | public: |
| 45 | bool EncryptInPlace(const std::string& crypto_blkdev, const std::string& real_blkdev, |
| 46 | uint64_t nr_sec, bool set_progress_properties); |
| 47 | bool ProcessUsedBlock(uint64_t block_num); |
| 48 | |
| 49 | private: |
| 50 | // aligned 32K writes tends to make flash happy. |
| 51 | // SD card association recommends it. |
| 52 | static const size_t kIOBufferSize = 32768; |
| 53 | |
| 54 | // Avoid spamming the logs. Print the "Encrypting blocks" log message once |
| 55 | // every 10000 blocks (which is usually every 40 MB or so), and once at the end. |
| 56 | static const int kLogInterval = 10000; |
| 57 | |
| 58 | std::string DescribeFilesystem(); |
| 59 | void InitFs(const std::string& fs_type, uint64_t blocks_to_encrypt, uint64_t total_blocks, |
| 60 | unsigned int block_size); |
| 61 | void UpdateProgress(size_t blocks, bool done); |
| 62 | bool EncryptPendingData(); |
| 63 | bool DoEncryptInPlace(); |
| 64 | |
| 65 | // ext4 methods |
| 66 | bool ReadExt4BlockBitmap(uint32_t group, uint8_t* buf); |
| 67 | uint64_t FirstBlockInGroup(uint32_t group); |
| 68 | uint32_t NumBlocksInGroup(uint32_t group); |
| 69 | uint32_t NumBaseMetaBlocksInGroup(uint64_t group); |
| 70 | EncryptInPlaceError EncryptInPlaceExt4(); |
| 71 | |
| 72 | // f2fs methods |
| 73 | EncryptInPlaceError EncryptInPlaceF2fs(); |
| 74 | |
| 75 | std::string real_blkdev_; |
| 76 | std::string crypto_blkdev_; |
| 77 | uint64_t nr_sec_; |
| 78 | bool set_progress_properties_; |
| 79 | |
| 80 | android::base::unique_fd realfd_; |
| 81 | android::base::unique_fd cryptofd_; |
| 82 | |
| 83 | time_t time_started_; |
| 84 | int remaining_time_; |
| 85 | |
| 86 | std::string fs_type_; |
| 87 | uint64_t blocks_done_; |
| 88 | uint64_t blocks_to_encrypt_; |
| 89 | unsigned int block_size_; |
| 90 | unsigned int cur_pct_; |
| 91 | |
| 92 | std::vector<uint8_t> io_buffer_; |
| 93 | uint64_t first_pending_block_; |
| 94 | size_t blocks_pending_; |
| 95 | }; |
| 96 | |
| 97 | std::string InPlaceEncrypter::DescribeFilesystem() { |
| 98 | if (fs_type_.empty()) |
| 99 | return "full block device " + real_blkdev_; |
| 100 | else |
| 101 | return fs_type_ + " filesystem on " + real_blkdev_; |
| 102 | } |
| 103 | |
| 104 | // Finishes initializing the encrypter, now that the filesystem details are known. |
| 105 | void InPlaceEncrypter::InitFs(const std::string& fs_type, uint64_t blocks_to_encrypt, |
| 106 | uint64_t total_blocks, unsigned int block_size) { |
| 107 | fs_type_ = fs_type; |
| 108 | blocks_done_ = 0; |
| 109 | blocks_to_encrypt_ = blocks_to_encrypt; |
| 110 | block_size_ = block_size; |
| 111 | cur_pct_ = 0; |
| 112 | |
| 113 | // Allocate the I/O buffer. kIOBufferSize should always be a multiple of |
| 114 | // the filesystem block size, but round it up just in case. |
| 115 | io_buffer_.resize(round_up(kIOBufferSize, block_size)); |
| 116 | first_pending_block_ = 0; |
| 117 | blocks_pending_ = 0; |
| 118 | |
| 119 | LOG(INFO) << "Encrypting " << DescribeFilesystem() << " in-place via " << crypto_blkdev_; |
| 120 | LOG(INFO) << blocks_to_encrypt << " blocks (" << (blocks_to_encrypt * block_size) / 1000000 |
| 121 | << " MB) of " << total_blocks << " blocks are in-use"; |
| 122 | } |
| 123 | |
| 124 | void InPlaceEncrypter::UpdateProgress(size_t blocks, bool done) { |
| 125 | // A log message already got printed for blocks_done_ if one was due, so the |
| 126 | // next message will be due at the *next* block rounded up to kLogInterval. |
| 127 | uint64_t blocks_next_msg = round_up(blocks_done_ + 1, kLogInterval); |
| 128 | |
| 129 | blocks_done_ += blocks; |
| 130 | |
| 131 | // Ensure that a log message gets printed at the end, but not if one was |
| 132 | // already printed due to the block count being a multiple of kLogInterval. |
| 133 | // E.g. we want to show "50000 of 50327" and then "50327 of "50327", but not |
| 134 | // "50000 of 50000" and then redundantly "50000 of 50000" again. |
| 135 | if (done && blocks_done_ % kLogInterval != 0) blocks_next_msg = blocks_done_; |
| 136 | |
| 137 | if (blocks_done_ >= blocks_next_msg) |
| 138 | LOG(DEBUG) << "Encrypted " << blocks_next_msg << " of " << blocks_to_encrypt_ << " blocks"; |
| 139 | |
| 140 | if (!set_progress_properties_) return; |
| 141 | |
| 142 | uint64_t new_pct; |
| 143 | if (done) { |
| 144 | new_pct = 100; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 145 | } else { |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 146 | new_pct = (blocks_done_ * 100) / std::max<uint64_t>(blocks_to_encrypt_, 1); |
| 147 | new_pct = std::min<uint64_t>(new_pct, 99); |
| 148 | } |
| 149 | if (new_pct > cur_pct_) { |
| 150 | cur_pct_ = new_pct; |
| 151 | android::base::SetProperty("vold.encrypt_progress", std::to_string(new_pct)); |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 152 | } |
| 153 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 154 | if (cur_pct_ >= 5) { |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 155 | struct timespec time_now; |
| 156 | if (clock_gettime(CLOCK_MONOTONIC, &time_now)) { |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 157 | PLOG(WARNING) << "Error getting time while updating encryption progress"; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 158 | } else { |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 159 | double elapsed_time = difftime(time_now.tv_sec, time_started_); |
| 160 | |
| 161 | uint64_t remaining_blocks = 0; |
| 162 | if (blocks_done_ < blocks_to_encrypt_) |
| 163 | remaining_blocks = blocks_to_encrypt_ - blocks_done_; |
| 164 | |
| 165 | int remaining_time = 0; |
| 166 | if (blocks_done_ != 0) |
| 167 | remaining_time = (int)(elapsed_time * remaining_blocks / blocks_done_); |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 168 | |
| 169 | // Change time only if not yet set, lower, or a lot higher for |
| 170 | // best user experience |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 171 | if (remaining_time_ == -1 || remaining_time < remaining_time_ || |
| 172 | remaining_time > remaining_time_ + 60) { |
| 173 | remaining_time_ = remaining_time; |
| 174 | android::base::SetProperty("vold.encrypt_time_remaining", |
| 175 | std::to_string(remaining_time)); |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 176 | } |
| 177 | } |
| 178 | } |
| 179 | } |
| 180 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 181 | bool InPlaceEncrypter::EncryptPendingData() { |
| 182 | if (blocks_pending_ == 0) return true; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 183 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 184 | ssize_t bytes = blocks_pending_ * block_size_; |
| 185 | uint64_t offset = first_pending_block_ * block_size_; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 186 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 187 | if (pread64(realfd_, &io_buffer_[0], bytes, offset) != bytes) { |
| 188 | PLOG(ERROR) << "Error reading real_blkdev " << real_blkdev_ << " for inplace encrypt"; |
| 189 | return false; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 190 | } |
| 191 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 192 | if (pwrite64(cryptofd_, &io_buffer_[0], bytes, offset) != bytes) { |
| 193 | PLOG(ERROR) << "Error writing crypto_blkdev " << crypto_blkdev_ << " for inplace encrypt"; |
| 194 | return false; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 195 | } |
| 196 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 197 | UpdateProgress(blocks_pending_, false); |
| 198 | |
| 199 | blocks_pending_ = 0; |
| 200 | return true; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 201 | } |
| 202 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 203 | bool InPlaceEncrypter::ProcessUsedBlock(uint64_t block_num) { |
| 204 | // Flush if the amount of pending data has reached the I/O buffer size, if |
| 205 | // there's a gap between the pending blocks and the next block (due to |
| 206 | // block(s) not being used by the filesystem and thus not needing |
| 207 | // encryption), or if the next block will be aligned to the I/O buffer size. |
| 208 | if (blocks_pending_ * block_size_ == io_buffer_.size() || |
| 209 | block_num != first_pending_block_ + blocks_pending_ || |
| 210 | (block_num * block_size_) % io_buffer_.size() == 0) { |
| 211 | if (!EncryptPendingData()) return false; |
| 212 | first_pending_block_ = block_num; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 213 | } |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 214 | blocks_pending_++; |
| 215 | return true; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 216 | } |
| 217 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 218 | // Reads the block bitmap for block group |group| into |buf|. |
| 219 | bool InPlaceEncrypter::ReadExt4BlockBitmap(uint32_t group, uint8_t* buf) { |
| 220 | uint64_t offset = (uint64_t)aux_info.bg_desc[group].bg_block_bitmap * info.block_size; |
| 221 | if (pread64(realfd_, buf, info.block_size, offset) != (ssize_t)info.block_size) { |
| 222 | PLOG(ERROR) << "Failed to read block bitmap for block group " << group; |
| 223 | return false; |
| 224 | } |
| 225 | return true; |
| 226 | } |
| 227 | |
| 228 | uint64_t InPlaceEncrypter::FirstBlockInGroup(uint32_t group) { |
Eric Biggers | 7e70d69 | 2020-11-03 14:11:01 -0800 | [diff] [blame] | 229 | return aux_info.first_data_block + (group * (uint64_t)info.blocks_per_group); |
| 230 | } |
| 231 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 232 | uint32_t InPlaceEncrypter::NumBlocksInGroup(uint32_t group) { |
| 233 | uint64_t remaining = aux_info.len_blocks - FirstBlockInGroup(group); |
Eric Biggers | 7e70d69 | 2020-11-03 14:11:01 -0800 | [diff] [blame] | 234 | return std::min<uint64_t>(info.blocks_per_group, remaining); |
| 235 | } |
| 236 | |
| 237 | // In block groups with an uninitialized block bitmap, we only need to encrypt |
| 238 | // the backup superblock and the block group descriptors (if they are present). |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 239 | uint32_t InPlaceEncrypter::NumBaseMetaBlocksInGroup(uint64_t group) { |
Eric Biggers | 7e70d69 | 2020-11-03 14:11:01 -0800 | [diff] [blame] | 240 | if (!ext4_bg_has_super_block(group)) return 0; |
| 241 | return 1 + aux_info.bg_desc_blocks; |
| 242 | } |
| 243 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 244 | EncryptInPlaceError InPlaceEncrypter::EncryptInPlaceExt4() { |
| 245 | if (setjmp(setjmp_env)) // NOLINT |
| 246 | return kFilesystemNotFound; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 247 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 248 | if (read_ext(realfd_, 0) != 0) return kFilesystemNotFound; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 249 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 250 | LOG(DEBUG) << "ext4 filesystem has " << aux_info.groups << " block groups"; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 251 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 252 | uint64_t blocks_to_encrypt = 0; |
| 253 | for (uint32_t group = 0; group < aux_info.groups; group++) { |
| 254 | if (aux_info.bg_desc[group].bg_flags & EXT4_BG_BLOCK_UNINIT) |
| 255 | blocks_to_encrypt += NumBaseMetaBlocksInGroup(group); |
Eric Biggers | 7e70d69 | 2020-11-03 14:11:01 -0800 | [diff] [blame] | 256 | else |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 257 | blocks_to_encrypt += |
| 258 | (NumBlocksInGroup(group) - aux_info.bg_desc[group].bg_free_blocks_count); |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 259 | } |
| 260 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 261 | InitFs("ext4", blocks_to_encrypt, aux_info.len_blocks, info.block_size); |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 262 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 263 | // Encrypt each block group. |
| 264 | std::vector<uint8_t> block_bitmap(info.block_size); |
| 265 | for (uint32_t group = 0; group < aux_info.groups; group++) { |
| 266 | if (!ReadExt4BlockBitmap(group, &block_bitmap[0])) return kFailed; |
| 267 | |
| 268 | uint64_t first_block_num = FirstBlockInGroup(group); |
| 269 | bool uninit = (aux_info.bg_desc[group].bg_flags & EXT4_BG_BLOCK_UNINIT); |
| 270 | uint32_t block_count = uninit ? NumBaseMetaBlocksInGroup(group) : NumBlocksInGroup(group); |
| 271 | |
| 272 | // Encrypt each used block in the block group. |
| 273 | for (uint32_t i = 0; i < block_count; i++) { |
| 274 | if (uninit || bitmap_get_bit(&block_bitmap[0], i)) |
| 275 | ProcessUsedBlock(first_block_num + i); |
| 276 | } |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 277 | } |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 278 | return kSuccess; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 279 | } |
| 280 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 281 | static int encrypt_f2fs_block(uint64_t block_num, void* _encrypter) { |
| 282 | InPlaceEncrypter* encrypter = reinterpret_cast<InPlaceEncrypter*>(_encrypter); |
| 283 | if (!encrypter->ProcessUsedBlock(block_num)) return -1; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 284 | return 0; |
| 285 | } |
| 286 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 287 | EncryptInPlaceError InPlaceEncrypter::EncryptInPlaceF2fs() { |
| 288 | std::unique_ptr<struct f2fs_info, void (*)(struct f2fs_info*)> fs_info( |
| 289 | generate_f2fs_info(realfd_), free_f2fs_info); |
| 290 | if (!fs_info) return kFilesystemNotFound; |
| 291 | |
| 292 | InitFs("f2fs", get_num_blocks_used(fs_info.get()), fs_info->total_blocks, fs_info->block_size); |
| 293 | if (run_on_used_blocks(0, fs_info.get(), encrypt_f2fs_block, this) != 0) return kFailed; |
| 294 | return kSuccess; |
| 295 | } |
| 296 | |
| 297 | bool InPlaceEncrypter::DoEncryptInPlace() { |
| 298 | EncryptInPlaceError rc; |
| 299 | |
| 300 | rc = EncryptInPlaceExt4(); |
| 301 | if (rc != kFilesystemNotFound) return rc == kSuccess; |
| 302 | |
| 303 | rc = EncryptInPlaceF2fs(); |
| 304 | if (rc != kFilesystemNotFound) return rc == kSuccess; |
| 305 | |
| 306 | LOG(WARNING) << "No recognized filesystem found on " << real_blkdev_ |
| 307 | << ". Falling back to encrypting the full block device."; |
| 308 | InitFs("", nr_sec_, nr_sec_, 512); |
| 309 | for (uint64_t i = 0; i < nr_sec_; i++) { |
| 310 | if (!ProcessUsedBlock(i)) return false; |
| 311 | } |
| 312 | return true; |
| 313 | } |
| 314 | |
| 315 | bool InPlaceEncrypter::EncryptInPlace(const std::string& crypto_blkdev, |
| 316 | const std::string& real_blkdev, uint64_t nr_sec, |
| 317 | bool set_progress_properties) { |
Denis Hsu | 1740eff | 2019-12-26 16:06:37 +0800 | [diff] [blame] | 318 | struct timespec time_started = {0}; |
| 319 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 320 | real_blkdev_ = real_blkdev; |
| 321 | crypto_blkdev_ = crypto_blkdev; |
| 322 | nr_sec_ = nr_sec; |
| 323 | set_progress_properties_ = set_progress_properties; |
| 324 | |
| 325 | realfd_.reset(open64(real_blkdev.c_str(), O_RDONLY | O_CLOEXEC)); |
| 326 | if (realfd_ < 0) { |
| 327 | PLOG(ERROR) << "Error opening real_blkdev " << real_blkdev << " for inplace encrypt"; |
| 328 | return false; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 329 | } |
| 330 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 331 | cryptofd_.reset(open64(crypto_blkdev.c_str(), O_WRONLY | O_CLOEXEC)); |
| 332 | if (cryptofd_ < 0) { |
| 333 | PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev << " for inplace encrypt"; |
| 334 | return false; |
| 335 | } |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 336 | |
Denis Hsu | 1740eff | 2019-12-26 16:06:37 +0800 | [diff] [blame] | 337 | if (clock_gettime(CLOCK_MONOTONIC, &time_started)) { |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 338 | PLOG(WARNING) << "Error getting time at start of in-place encryption"; |
Denis Hsu | 1740eff | 2019-12-26 16:06:37 +0800 | [diff] [blame] | 339 | // Note - continue anyway - we'll run with 0 |
| 340 | } |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 341 | time_started_ = time_started.tv_sec; |
| 342 | remaining_time_ = -1; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 343 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 344 | bool success = DoEncryptInPlace(); |
Denis Hsu | 1740eff | 2019-12-26 16:06:37 +0800 | [diff] [blame] | 345 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 346 | if (success) success &= EncryptPendingData(); |
| 347 | |
Eric Biggers | 1ba8865 | 2020-11-04 18:38:38 -0800 | [diff] [blame] | 348 | if (success && fsync(cryptofd_) != 0) { |
| 349 | PLOG(ERROR) << "Error syncing " << crypto_blkdev_; |
| 350 | success = false; |
| 351 | } |
| 352 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 353 | if (!success) { |
| 354 | LOG(ERROR) << "In-place encryption of " << DescribeFilesystem() << " failed"; |
| 355 | return false; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 356 | } |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 357 | if (blocks_done_ != blocks_to_encrypt_) { |
| 358 | LOG(WARNING) << "blocks_to_encrypt (" << blocks_to_encrypt_ |
| 359 | << ") was incorrect; we actually encrypted " << blocks_done_ |
| 360 | << " blocks. Encryption progress was inaccurate"; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 361 | } |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 362 | // Make sure vold.encrypt_progress gets set to 100. |
| 363 | UpdateProgress(0, true); |
| 364 | LOG(INFO) << "Successfully encrypted " << DescribeFilesystem(); |
| 365 | return true; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 366 | } |
| 367 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 368 | // Encrypts |real_blkdev| in-place by reading the data from |real_blkdev| and |
| 369 | // writing it to |crypto_blkdev|, which should be a dm-crypt or dm-default-key |
| 370 | // device backed by |real_blkdev|. The size to encrypt is |nr_sec| 512-byte |
| 371 | // sectors; however, if a filesystem is detected, then its size will be used |
| 372 | // instead, and only the in-use blocks of the filesystem will be encrypted. |
| 373 | bool encrypt_inplace(const std::string& crypto_blkdev, const std::string& real_blkdev, |
| 374 | uint64_t nr_sec, bool set_progress_properties) { |
| 375 | LOG(DEBUG) << "encrypt_inplace(" << crypto_blkdev << ", " << real_blkdev << ", " << nr_sec |
| 376 | << ", " << (set_progress_properties ? "true" : "false") << ")"; |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 377 | |
Eric Biggers | f038c5f | 2020-11-03 14:11:02 -0800 | [diff] [blame] | 378 | InPlaceEncrypter encrypter; |
| 379 | return encrypter.EncryptInPlace(crypto_blkdev, real_blkdev, nr_sec, set_progress_properties); |
Paul Crowley | f71ace3 | 2016-06-02 11:01:19 -0700 | [diff] [blame] | 380 | } |