No description
f038c5f5e1
Refactor EncryptInplace.cpp to simplify and improve it a lot. This is
everything that didn't fit into prior commits, including:
- Share a lot more code between ext4, f2fs, and full encryption.
- Improve the log messages. Most importantly, don't spam the log with
huge numbers of messages, and don't log errors in expected cases.
Note: generate_f2fs_info() is still too noisy, but that's part of
"system/extras", not vold, so this change doesn't change that.
- When possible, do 32K reads/writes for f2fs and for full encryption,
not just for ext4. This might improve performance.
- Take advantage of C++ functionality.
- Be more careful about edge cases. E.g. if the calculation of the
number of blocks to encrypt was wrong, don't set vold.encrypt_progress
to > 99 until we're actually done.
The net change is over 200 lines removed.
Before-after comparison of log when enabling metadata encryption:
ext4 before:
I vold : Beginning inplace encryption, nr_sec: 16777216
D vold : cryptfs_enable_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, 0)
D vold : Opening/dev/block/by-name/userdata
D vold : Opening/dev/block/dm-8
I vold : Encrypting ext4 filesystem in place...
[omitted 6387 log messages]
I vold : Encrypted to sector 822084608
D vold : cryptfs_enable_inplace_ext4 success
I vold : Inplace encryption complete
ext4 after:
D vold : encrypt_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, false)
D vold : ext4 filesystem has 64 block groups
I vold : Encrypting ext4 filesystem on /dev/block/by-name/userdata in-place via /dev/block/dm-8
I vold : 50327 blocks (206 MB) of 2097152 blocks are in-use
D vold : Encrypted 10000 of 50327 blocks
D vold : Encrypted 20000 of 50327 blocks
D vold : Encrypted 30000 of 50327 blocks
D vold : Encrypted 40000 of 50327 blocks
D vold : Encrypted 50000 of 50327 blocks
D vold : Encrypted 50327 of 50327 blocks
I vold : Successfully encrypted ext4 filesystem on /dev/block/by-name/userdata
f2fs before:
I vold : Beginning inplace encryption, nr_sec: 16777216
D vold : cryptfs_enable_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, 0)
D vold : Opening/dev/block/by-name/userdata
D vold : Opening/dev/block/dm-8
E vold : Reading ext4 extent caused an exception
D vold : cryptfs_enable_inplace_ext4()=-1
[omitted logspam from f2fs_sparseblock]
I vold : Encrypting from block 0
I vold : Encrypted to block 15872
I vold : Encrypting from block 16384
I vold : Encrypted to block 16385
I vold : Encrypting from block 17408
I vold : Encrypted to block 17412
D vold : cryptfs_enable_inplace_f2fs success
I vold : Inplace encryption complete
f2fs after:
D vold : encrypt_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, false)
[omitted logspam from f2fs_sparseblock]
I vold : Encrypting f2fs filesystem on /dev/block/by-name/userdata in-place via /dev/block/dm-8
I vold : 15880 blocks (65 MB) of 2097152 blocks are in-use
D vold : Encrypted 10000 of 15880 blocks
D vold : Encrypted 15880 of 15880 blocks
I vold : Successfully encrypted f2fs filesystem on /dev/block/by-name/userdata
Test: Booted Cuttlefish with metadata encryption enabled and with the
userdata filesystem using (1) ext4, (2) f2fs, and (3) f2fs but
with EncryptInplace.cpp patched to not recognize the filesystem
and fall back to the "full" encryption case. Checked that the log
messages were as expected and that /data was mounted.
I've had no luck testing FDE yet; it doesn't work even without
these changes. Suggestions appreciated...
Change-Id: I08fc8465f7962abd698904b5466f3ed080d53953
|
||
|---|---|---|
| bench | ||
| binder/android/os | ||
| fs | ||
| model | ||
| tests | ||
| .clang-format | ||
| Android.bp | ||
| AppFuseUtil.cpp | ||
| AppFuseUtil.h | ||
| Benchmark.cpp | ||
| Benchmark.h | ||
| BenchmarkGen.h | ||
| Checkpoint.cpp | ||
| Checkpoint.h | ||
| CleanSpec.mk | ||
| cryptfs.cpp | ||
| cryptfs.h | ||
| CryptoType.cpp | ||
| CryptoType.h | ||
| Devmapper.cpp | ||
| Devmapper.h | ||
| EncryptInplace.cpp | ||
| EncryptInplace.h | ||
| FileDeviceUtils.cpp | ||
| FileDeviceUtils.h | ||
| FsCrypt.cpp | ||
| FsCrypt.h | ||
| IdleMaint.cpp | ||
| IdleMaint.h | ||
| KeyBuffer.cpp | ||
| KeyBuffer.h | ||
| Keymaster.cpp | ||
| Keymaster.h | ||
| KeyStorage.cpp | ||
| KeyStorage.h | ||
| KeyUtil.cpp | ||
| KeyUtil.h | ||
| Loop.cpp | ||
| Loop.h | ||
| main.cpp | ||
| MetadataCrypt.cpp | ||
| MetadataCrypt.h | ||
| MoveStorage.cpp | ||
| MoveStorage.h | ||
| NetlinkHandler.cpp | ||
| NetlinkHandler.h | ||
| NetlinkManager.cpp | ||
| NetlinkManager.h | ||
| OWNERS | ||
| PREUPLOAD.cfg | ||
| Process.cpp | ||
| Process.h | ||
| ScryptParameters.cpp | ||
| ScryptParameters.h | ||
| secdiscard.cpp | ||
| sehandle.h | ||
| TEST_MAPPING | ||
| Utils.cpp | ||
| Utils.h | ||
| vdc.cpp | ||
| vdc.rc | ||
| vold.rc | ||
| vold_prepare_subdirs.cpp | ||
| VoldNativeService.cpp | ||
| VoldNativeService.h | ||
| VoldNativeServiceValidation.cpp | ||
| VoldNativeServiceValidation.h | ||
| VoldUtil.cpp | ||
| VoldUtil.h | ||
| VolumeManager.cpp | ||
| VolumeManager.h | ||
| wait_for_keymaster.cpp | ||
| wait_for_keymaster.rc | ||