Lines Matching +full:v +full:-
1 // SPDX-License-Identifier: GPL-2.0-only
7 * Based on Chromium dm-verity driver (C) 2011 The Chromium OS Authors
16 #include "dm-verity.h"
17 #include "dm-verity-fec.h"
18 #include "dm-verity-verify-sig.h"
19 #include "dm-audit.h"
53 struct dm_verity *v; member
59 * Auxiliary structure appended to each dm-bufio buffer. If the value
81 aux->hash_verified = 0; in dm_bufio_alloc_callback()
87 static sector_t verity_map_sector(struct dm_verity *v, sector_t bi_sector) in verity_map_sector() argument
89 return v->data_start + dm_target_offset(v->ti, bi_sector); in verity_map_sector()
95 * The lowest "hash_per_block_bits"-bits of the result denote hash position
98 static sector_t verity_position_at_level(struct dm_verity *v, sector_t block, in verity_position_at_level() argument
101 return block >> (level * v->hash_per_block_bits); in verity_position_at_level()
104 static int verity_hash_update(struct dm_verity *v, struct ahash_request *req, in verity_hash_update() argument
118 size_t this_step = min_t(size_t, len, PAGE_SIZE - offset_in_page(data)); in verity_hash_update()
128 len -= this_step; in verity_hash_update()
137 static int verity_hash_init(struct dm_verity *v, struct ahash_request *req, in verity_hash_init() argument
142 ahash_request_set_tfm(req, v->tfm); in verity_hash_init()
151 if (r != -ENOMEM) in verity_hash_init()
156 if (likely(v->salt_size && (v->version >= 1))) in verity_hash_init()
157 r = verity_hash_update(v, req, v->salt, v->salt_size, wait); in verity_hash_init()
162 static int verity_hash_final(struct dm_verity *v, struct ahash_request *req, in verity_hash_final() argument
167 if (unlikely(v->salt_size && (!v->version))) { in verity_hash_final()
168 r = verity_hash_update(v, req, v->salt, v->salt_size, wait); in verity_hash_final()
182 int verity_hash(struct dm_verity *v, struct ahash_request *req, in verity_hash() argument
188 r = verity_hash_init(v, req, &wait, may_sleep); in verity_hash()
192 r = verity_hash_update(v, req, data, len, &wait); in verity_hash()
196 r = verity_hash_final(v, req, digest, &wait); in verity_hash()
202 static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level, in verity_hash_at_level() argument
205 sector_t position = verity_position_at_level(v, block, level); in verity_hash_at_level()
208 *hash_block = v->hash_level_block[level] + (position >> v->hash_per_block_bits); in verity_hash_at_level()
213 idx = position & ((1 << v->hash_per_block_bits) - 1); in verity_hash_at_level()
214 if (!v->version) in verity_hash_at_level()
215 *offset = idx * v->digest_size; in verity_hash_at_level()
217 *offset = idx << (v->hash_dev_block_bits - v->hash_per_block_bits); in verity_hash_at_level()
223 static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, in verity_handle_err() argument
229 struct mapped_device *md = dm_table_get_md(v->ti->table); in verity_handle_err()
232 v->hash_failed = true; in verity_handle_err()
234 if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS) in verity_handle_err()
237 v->corrupted_errs++; in verity_handle_err()
250 DMERR_LIMIT("%s: %s block %llu is corrupted", v->data_dev->name, in verity_handle_err()
253 if (v->corrupted_errs == DM_VERITY_MAX_CORRUPTED_ERRS) { in verity_handle_err()
254 DMERR("%s: reached maximum errors", v->data_dev->name); in verity_handle_err()
255 dm_audit_log_target(DM_MSG_PREFIX, "max-corrupted-errors", v->ti, 0); in verity_handle_err()
261 kobject_uevent_env(&disk_to_dev(dm_disk(md))->kobj, KOBJ_CHANGE, envp); in verity_handle_err()
264 if (v->mode == DM_VERITY_MODE_LOGGING) in verity_handle_err()
267 if (v->mode == DM_VERITY_MODE_RESTART) in verity_handle_err()
268 kernel_restart("dm-verity device corrupted"); in verity_handle_err()
270 if (v->mode == DM_VERITY_MODE_PANIC) in verity_handle_err()
271 panic("dm-verity device corrupted"); in verity_handle_err()
280 * On successful return, verity_io_want_digest(v, io) contains the hash value
285 * against current value of verity_io_want_digest(v, io).
287 static int verity_verify_level(struct dm_verity *v, struct dm_verity_io *io, in verity_verify_level() argument
298 verity_hash_at_level(v, block, level, &hash_block, &offset); in verity_verify_level()
300 if (static_branch_unlikely(&use_tasklet_enabled) && io->in_tasklet) { in verity_verify_level()
301 data = dm_bufio_get(v->bufio, hash_block, &buf); in verity_verify_level()
305 * Return early and resume execution from a work-queue in verity_verify_level()
308 return -EAGAIN; in verity_verify_level()
311 data = dm_bufio_read(v->bufio, hash_block, &buf); in verity_verify_level()
318 if (!aux->hash_verified) { in verity_verify_level()
324 r = verity_hash(v, verity_io_hash_req(v, io), in verity_verify_level()
325 data, 1 << v->hash_dev_block_bits, in verity_verify_level()
326 verity_io_real_digest(v, io), !io->in_tasklet); in verity_verify_level()
330 if (likely(memcmp(verity_io_real_digest(v, io), want_digest, in verity_verify_level()
331 v->digest_size) == 0)) in verity_verify_level()
332 aux->hash_verified = 1; in verity_verify_level()
334 io->in_tasklet) { in verity_verify_level()
337 * tasklet since it may sleep, so fallback to work-queue. in verity_verify_level()
339 r = -EAGAIN; in verity_verify_level()
341 } else if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_METADATA, in verity_verify_level()
343 aux->hash_verified = 1; in verity_verify_level()
344 else if (verity_handle_err(v, in verity_verify_level()
349 v->ti->per_io_data_size); in verity_verify_level()
350 dm_audit_log_bio(DM_MSG_PREFIX, "verify-metadata", bio, in verity_verify_level()
352 r = -EIO; in verity_verify_level()
358 memcpy(want_digest, data, v->digest_size); in verity_verify_level()
370 int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io, in verity_hash_for_block() argument
375 if (likely(v->levels)) { in verity_hash_for_block()
383 r = verity_verify_level(v, io, block, 0, true, digest); in verity_hash_for_block()
388 memcpy(digest, v->root_digest, v->digest_size); in verity_hash_for_block()
390 for (i = v->levels - 1; i >= 0; i--) { in verity_hash_for_block()
391 r = verity_verify_level(v, io, block, i, false, digest); in verity_hash_for_block()
396 if (!r && v->zero_digest) in verity_hash_for_block()
397 *is_zero = !memcmp(v->zero_digest, digest, v->digest_size); in verity_hash_for_block()
407 static int verity_for_io_block(struct dm_verity *v, struct dm_verity_io *io, in verity_for_io_block() argument
410 unsigned int todo = 1 << v->data_dev_block_bits; in verity_for_io_block()
411 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_for_io_block()
413 struct ahash_request *req = verity_io_hash_req(v, io); in verity_for_io_block()
441 todo -= len; in verity_for_io_block()
448 * Calls function process for 1 << v->data_dev_block_bits bytes in the bio_vec
451 int verity_for_bv_block(struct dm_verity *v, struct dm_verity_io *io, in verity_for_bv_block() argument
453 int (*process)(struct dm_verity *v, in verity_for_bv_block() argument
457 unsigned int todo = 1 << v->data_dev_block_bits; in verity_for_bv_block()
458 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_for_bv_block()
472 r = process(v, io, page, len); in verity_for_bv_block()
479 todo -= len; in verity_for_bv_block()
485 static int verity_recheck_copy(struct dm_verity *v, struct dm_verity_io *io, in verity_recheck_copy() argument
488 memcpy(data, io->recheck_buffer, len); in verity_recheck_copy()
489 io->recheck_buffer += len; in verity_recheck_copy()
494 static noinline int verity_recheck(struct dm_verity *v, struct dm_verity_io *io, in verity_recheck() argument
503 page = mempool_alloc(&v->recheck_pool, GFP_NOIO); in verity_recheck()
510 io_req.client = v->io; in verity_recheck()
511 io_loc.bdev = v->data_dev->bdev; in verity_recheck()
512 io_loc.sector = cur_block << (v->data_dev_block_bits - SECTOR_SHIFT); in verity_recheck()
513 io_loc.count = 1 << (v->data_dev_block_bits - SECTOR_SHIFT); in verity_recheck()
518 r = verity_hash(v, verity_io_hash_req(v, io), buffer, in verity_recheck()
519 1 << v->data_dev_block_bits, in verity_recheck()
520 verity_io_real_digest(v, io), true); in verity_recheck()
524 if (memcmp(verity_io_real_digest(v, io), in verity_recheck()
525 verity_io_want_digest(v, io), v->digest_size)) { in verity_recheck()
526 r = -EIO; in verity_recheck()
530 io->recheck_buffer = buffer; in verity_recheck()
531 r = verity_for_bv_block(v, io, &start, verity_recheck_copy); in verity_recheck()
537 mempool_free(page, &v->recheck_pool); in verity_recheck()
542 static int verity_bv_zero(struct dm_verity *v, struct dm_verity_io *io, in verity_bv_zero() argument
552 static inline void verity_bv_skip_block(struct dm_verity *v, in verity_bv_skip_block() argument
556 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_bv_skip_block()
558 bio_advance_iter(bio, iter, 1 << v->data_dev_block_bits); in verity_bv_skip_block()
567 struct dm_verity *v = io->v; in verity_verify_io() local
572 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_verify_io()
575 if (static_branch_unlikely(&use_tasklet_enabled) && io->in_tasklet) { in verity_verify_io()
578 * verification in a work-queue. in verity_verify_io()
580 iter_copy = io->iter; in verity_verify_io()
583 iter = &io->iter; in verity_verify_io()
585 for (b = 0; b < io->n_blocks; b++) { in verity_verify_io()
587 sector_t cur_block = io->block + b; in verity_verify_io()
588 struct ahash_request *req = verity_io_hash_req(v, io); in verity_verify_io()
590 if (v->validated_blocks && bio->bi_status == BLK_STS_OK && in verity_verify_io()
591 likely(test_bit(cur_block, v->validated_blocks))) { in verity_verify_io()
592 verity_bv_skip_block(v, io, iter); in verity_verify_io()
596 r = verity_hash_for_block(v, io, cur_block, in verity_verify_io()
597 verity_io_want_digest(v, io), in verity_verify_io()
607 r = verity_for_bv_block(v, io, iter, in verity_verify_io()
615 r = verity_hash_init(v, req, &wait, !io->in_tasklet); in verity_verify_io()
620 r = verity_for_io_block(v, io, iter, &wait); in verity_verify_io()
624 r = verity_hash_final(v, req, verity_io_real_digest(v, io), in verity_verify_io()
629 if (likely(memcmp(verity_io_real_digest(v, io), in verity_verify_io()
630 verity_io_want_digest(v, io), v->digest_size) == 0)) { in verity_verify_io()
631 if (v->validated_blocks) in verity_verify_io()
632 set_bit(cur_block, v->validated_blocks); in verity_verify_io()
635 io->in_tasklet) { in verity_verify_io()
638 * tasklet since it may sleep, so fallback to work-queue. in verity_verify_io()
640 return -EAGAIN; in verity_verify_io()
641 } else if (verity_recheck(v, io, start, cur_block) == 0) { in verity_verify_io()
642 if (v->validated_blocks) in verity_verify_io()
643 set_bit(cur_block, v->validated_blocks); in verity_verify_io()
646 } else if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_DATA, in verity_verify_io()
651 if (bio->bi_status) { in verity_verify_io()
655 return -EIO; in verity_verify_io()
657 if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA, in verity_verify_io()
659 dm_audit_log_bio(DM_MSG_PREFIX, "verify-data", in verity_verify_io()
661 return -EIO; in verity_verify_io()
683 struct dm_verity *v = io->v; in verity_finish_io() local
684 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_finish_io()
686 bio->bi_end_io = io->orig_bi_end_io; in verity_finish_io()
687 bio->bi_status = status; in verity_finish_io()
689 if (!static_branch_unlikely(&use_tasklet_enabled) || !io->in_tasklet) in verity_finish_io()
699 io->in_tasklet = false; in verity_work()
706 struct dm_verity_io *io = bio->bi_private; in verity_end_io()
708 if (bio->bi_status && in verity_end_io()
709 (!verity_fec_is_enabled(io->v) || in verity_end_io()
711 (bio->bi_opf & REQ_RAHEAD))) { in verity_end_io()
712 verity_finish_io(io, bio->bi_status); in verity_end_io()
716 INIT_WORK(&io->work, verity_work); in verity_end_io()
717 queue_work(io->v->verify_wq, &io->work); in verity_end_io()
729 struct dm_verity *v = pw->v; in verity_prefetch_io() local
732 for (i = v->levels - 2; i >= 0; i--) { in verity_prefetch_io()
736 verity_hash_at_level(v, pw->block, i, &hash_block_start, NULL); in verity_prefetch_io()
737 verity_hash_at_level(v, pw->block + pw->n_blocks - 1, i, &hash_block_end, NULL); in verity_prefetch_io()
742 cluster >>= v->data_dev_block_bits; in verity_prefetch_io()
746 if (unlikely(cluster & (cluster - 1))) in verity_prefetch_io()
749 hash_block_start &= ~(sector_t)(cluster - 1); in verity_prefetch_io()
750 hash_block_end |= cluster - 1; in verity_prefetch_io()
751 if (unlikely(hash_block_end >= v->hash_blocks)) in verity_prefetch_io()
752 hash_block_end = v->hash_blocks - 1; in verity_prefetch_io()
755 dm_bufio_prefetch(v->bufio, hash_block_start, in verity_prefetch_io()
756 hash_block_end - hash_block_start + 1); in verity_prefetch_io()
762 static void verity_submit_prefetch(struct dm_verity *v, struct dm_verity_io *io) in verity_submit_prefetch() argument
764 sector_t block = io->block; in verity_submit_prefetch()
765 unsigned int n_blocks = io->n_blocks; in verity_submit_prefetch()
768 if (v->validated_blocks) { in verity_submit_prefetch()
769 while (n_blocks && test_bit(block, v->validated_blocks)) { in verity_submit_prefetch()
771 n_blocks--; in verity_submit_prefetch()
773 while (n_blocks && test_bit(block + n_blocks - 1, in verity_submit_prefetch()
774 v->validated_blocks)) in verity_submit_prefetch()
775 n_blocks--; in verity_submit_prefetch()
786 INIT_WORK(&pw->work, verity_prefetch_io); in verity_submit_prefetch()
787 pw->v = v; in verity_submit_prefetch()
788 pw->block = block; in verity_submit_prefetch()
789 pw->n_blocks = n_blocks; in verity_submit_prefetch()
790 queue_work(v->verify_wq, &pw->work); in verity_submit_prefetch()
799 struct dm_verity *v = ti->private; in verity_map() local
802 bio_set_dev(bio, v->data_dev->bdev); in verity_map()
803 bio->bi_iter.bi_sector = verity_map_sector(v, bio->bi_iter.bi_sector); in verity_map()
805 if (((unsigned int)bio->bi_iter.bi_sector | bio_sectors(bio)) & in verity_map()
806 ((1 << (v->data_dev_block_bits - SECTOR_SHIFT)) - 1)) { in verity_map()
812 (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) { in verity_map()
820 io = dm_per_bio_data(bio, ti->per_io_data_size); in verity_map()
821 io->v = v; in verity_map()
822 io->orig_bi_end_io = bio->bi_end_io; in verity_map()
823 io->block = bio->bi_iter.bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT); in verity_map()
824 io->n_blocks = bio->bi_iter.bi_size >> v->data_dev_block_bits; in verity_map()
826 bio->bi_end_io = verity_end_io; in verity_map()
827 bio->bi_private = io; in verity_map()
828 io->iter = bio->bi_iter; in verity_map()
832 verity_submit_prefetch(v, io); in verity_map()
841 struct dm_verity *v = ti->private; in verity_postsuspend() local
842 flush_workqueue(v->verify_wq); in verity_postsuspend()
843 dm_bufio_client_reset(v->bufio); in verity_postsuspend()
847 * Status: V (valid) or C (corruption found)
852 struct dm_verity *v = ti->private; in verity_status() local
859 DMEMIT("%c", v->hash_failed ? 'C' : 'V'); in verity_status()
863 v->version, in verity_status()
864 v->data_dev->name, in verity_status()
865 v->hash_dev->name, in verity_status()
866 1 << v->data_dev_block_bits, in verity_status()
867 1 << v->hash_dev_block_bits, in verity_status()
868 (unsigned long long)v->data_blocks, in verity_status()
869 (unsigned long long)v->hash_start, in verity_status()
870 v->alg_name in verity_status()
872 for (x = 0; x < v->digest_size; x++) in verity_status()
873 DMEMIT("%02x", v->root_digest[x]); in verity_status()
875 if (!v->salt_size) in verity_status()
876 DMEMIT("-"); in verity_status()
878 for (x = 0; x < v->salt_size; x++) in verity_status()
879 DMEMIT("%02x", v->salt[x]); in verity_status()
880 if (v->mode != DM_VERITY_MODE_EIO) in verity_status()
882 if (verity_fec_is_enabled(v)) in verity_status()
884 if (v->zero_digest) in verity_status()
886 if (v->validated_blocks) in verity_status()
888 if (v->use_tasklet) in verity_status()
890 if (v->signature_key_desc) in verity_status()
895 if (v->mode != DM_VERITY_MODE_EIO) { in verity_status()
897 switch (v->mode) { in verity_status()
911 if (v->zero_digest) in verity_status()
913 if (v->validated_blocks) in verity_status()
915 if (v->use_tasklet) in verity_status()
917 sz = verity_fec_status_table(v, sz, result, maxlen); in verity_status()
918 if (v->signature_key_desc) in verity_status()
920 " %s", v->signature_key_desc); in verity_status()
924 DMEMIT_TARGET_NAME_VERSION(ti->type); in verity_status()
925 DMEMIT(",hash_failed=%c", v->hash_failed ? 'C' : 'V'); in verity_status()
926 DMEMIT(",verity_version=%u", v->version); in verity_status()
927 DMEMIT(",data_device_name=%s", v->data_dev->name); in verity_status()
928 DMEMIT(",hash_device_name=%s", v->hash_dev->name); in verity_status()
929 DMEMIT(",verity_algorithm=%s", v->alg_name); in verity_status()
932 for (x = 0; x < v->digest_size; x++) in verity_status()
933 DMEMIT("%02x", v->root_digest[x]); in verity_status()
936 if (!v->salt_size) in verity_status()
937 DMEMIT("-"); in verity_status()
939 for (x = 0; x < v->salt_size; x++) in verity_status()
940 DMEMIT("%02x", v->salt[x]); in verity_status()
942 DMEMIT(",ignore_zero_blocks=%c", v->zero_digest ? 'y' : 'n'); in verity_status()
943 DMEMIT(",check_at_most_once=%c", v->validated_blocks ? 'y' : 'n'); in verity_status()
944 if (v->signature_key_desc) in verity_status()
945 DMEMIT(",root_hash_sig_key_desc=%s", v->signature_key_desc); in verity_status()
947 if (v->mode != DM_VERITY_MODE_EIO) { in verity_status()
949 switch (v->mode) { in verity_status()
970 struct dm_verity *v = ti->private; in verity_prepare_ioctl() local
972 *bdev = v->data_dev->bdev; in verity_prepare_ioctl()
974 if (v->data_start || ti->len != bdev_nr_sectors(v->data_dev->bdev)) in verity_prepare_ioctl()
982 struct dm_verity *v = ti->private; in verity_iterate_devices() local
984 return fn(ti, v->data_dev, v->data_start, ti->len, data); in verity_iterate_devices()
989 struct dm_verity *v = ti->private; in verity_io_hints() local
991 if (limits->logical_block_size < 1 << v->data_dev_block_bits) in verity_io_hints()
992 limits->logical_block_size = 1 << v->data_dev_block_bits; in verity_io_hints()
994 if (limits->physical_block_size < 1 << v->data_dev_block_bits) in verity_io_hints()
995 limits->physical_block_size = 1 << v->data_dev_block_bits; in verity_io_hints()
997 blk_limits_io_min(limits, limits->logical_block_size); in verity_io_hints()
1002 struct dm_verity *v = ti->private; in verity_dtr() local
1004 if (v->verify_wq) in verity_dtr()
1005 destroy_workqueue(v->verify_wq); in verity_dtr()
1007 mempool_exit(&v->recheck_pool); in verity_dtr()
1008 if (v->io) in verity_dtr()
1009 dm_io_client_destroy(v->io); in verity_dtr()
1011 if (v->bufio) in verity_dtr()
1012 dm_bufio_client_destroy(v->bufio); in verity_dtr()
1014 kvfree(v->validated_blocks); in verity_dtr()
1015 kfree(v->salt); in verity_dtr()
1016 kfree(v->root_digest); in verity_dtr()
1017 kfree(v->zero_digest); in verity_dtr()
1019 if (v->tfm) in verity_dtr()
1020 crypto_free_ahash(v->tfm); in verity_dtr()
1022 kfree(v->alg_name); in verity_dtr()
1024 if (v->hash_dev) in verity_dtr()
1025 dm_put_device(ti, v->hash_dev); in verity_dtr()
1027 if (v->data_dev) in verity_dtr()
1028 dm_put_device(ti, v->data_dev); in verity_dtr()
1030 verity_fec_dtr(v); in verity_dtr()
1032 kfree(v->signature_key_desc); in verity_dtr()
1034 if (v->use_tasklet) in verity_dtr()
1037 kfree(v); in verity_dtr()
1042 static int verity_alloc_most_once(struct dm_verity *v) in verity_alloc_most_once() argument
1044 struct dm_target *ti = v->ti; in verity_alloc_most_once()
1046 if (v->validated_blocks) in verity_alloc_most_once()
1050 if (v->data_blocks > INT_MAX) { in verity_alloc_most_once()
1051 ti->error = "device too large to use check_at_most_once"; in verity_alloc_most_once()
1052 return -E2BIG; in verity_alloc_most_once()
1055 v->validated_blocks = kvcalloc(BITS_TO_LONGS(v->data_blocks), in verity_alloc_most_once()
1058 if (!v->validated_blocks) { in verity_alloc_most_once()
1059 ti->error = "failed to allocate bitset for check_at_most_once"; in verity_alloc_most_once()
1060 return -ENOMEM; in verity_alloc_most_once()
1066 static int verity_alloc_zero_digest(struct dm_verity *v) in verity_alloc_zero_digest() argument
1068 int r = -ENOMEM; in verity_alloc_zero_digest()
1072 if (v->zero_digest) in verity_alloc_zero_digest()
1075 v->zero_digest = kmalloc(v->digest_size, GFP_KERNEL); in verity_alloc_zero_digest()
1077 if (!v->zero_digest) in verity_alloc_zero_digest()
1080 req = kmalloc(v->ahash_reqsize, GFP_KERNEL); in verity_alloc_zero_digest()
1085 zero_data = kzalloc(1 << v->data_dev_block_bits, GFP_KERNEL); in verity_alloc_zero_digest()
1090 r = verity_hash(v, req, zero_data, 1 << v->data_dev_block_bits, in verity_alloc_zero_digest()
1091 v->zero_digest, true); in verity_alloc_zero_digest()
1107 static int verity_parse_verity_mode(struct dm_verity *v, const char *arg_name) in verity_parse_verity_mode() argument
1109 if (v->mode) in verity_parse_verity_mode()
1110 return -EINVAL; in verity_parse_verity_mode()
1113 v->mode = DM_VERITY_MODE_LOGGING; in verity_parse_verity_mode()
1115 v->mode = DM_VERITY_MODE_RESTART; in verity_parse_verity_mode()
1117 v->mode = DM_VERITY_MODE_PANIC; in verity_parse_verity_mode()
1122 static int verity_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v, in verity_parse_opt_args() argument
1128 struct dm_target *ti = v->ti; in verity_parse_opt_args()
1135 r = dm_read_arg_group(_args, as, &argc, &ti->error); in verity_parse_opt_args()
1137 return -EINVAL; in verity_parse_opt_args()
1144 argc--; in verity_parse_opt_args()
1149 r = verity_parse_verity_mode(v, arg_name); in verity_parse_opt_args()
1151 ti->error = "Conflicting error handling parameters"; in verity_parse_opt_args()
1159 r = verity_alloc_zero_digest(v); in verity_parse_opt_args()
1161 ti->error = "Cannot allocate zero digest"; in verity_parse_opt_args()
1169 r = verity_alloc_most_once(v); in verity_parse_opt_args()
1175 v->use_tasklet = true; in verity_parse_opt_args()
1182 r = verity_fec_parse_opt_args(as, v, &argc, arg_name); in verity_parse_opt_args()
1190 r = verity_verify_sig_parse_opt_args(as, v, in verity_parse_opt_args()
1208 ti->error = "Unrecognized verity feature request"; in verity_parse_opt_args()
1209 return -EINVAL; in verity_parse_opt_args()
1227 * <salt> Hex string or "-" if no salt.
1231 struct dm_verity *v; in verity_ctr() local
1242 v = kzalloc(sizeof(struct dm_verity), GFP_KERNEL); in verity_ctr()
1243 if (!v) { in verity_ctr()
1244 ti->error = "Cannot allocate verity structure"; in verity_ctr()
1245 return -ENOMEM; in verity_ctr()
1247 ti->private = v; in verity_ctr()
1248 v->ti = ti; in verity_ctr()
1250 r = verity_fec_ctr_alloc(v); in verity_ctr()
1254 if ((dm_table_get_mode(ti->table) & ~BLK_OPEN_READ)) { in verity_ctr()
1255 ti->error = "Device must be readonly"; in verity_ctr()
1256 r = -EINVAL; in verity_ctr()
1261 ti->error = "Not enough arguments"; in verity_ctr()
1262 r = -EINVAL; in verity_ctr()
1268 as.argc = argc - 10; in verity_ctr()
1270 r = verity_parse_opt_args(&as, v, &verify_args, true); in verity_ctr()
1277 ti->error = "Invalid version"; in verity_ctr()
1278 r = -EINVAL; in verity_ctr()
1281 v->version = num; in verity_ctr()
1283 r = dm_get_device(ti, argv[1], BLK_OPEN_READ, &v->data_dev); in verity_ctr()
1285 ti->error = "Data device lookup failed"; in verity_ctr()
1289 r = dm_get_device(ti, argv[2], BLK_OPEN_READ, &v->hash_dev); in verity_ctr()
1291 ti->error = "Hash device lookup failed"; in verity_ctr()
1296 !num || (num & (num - 1)) || in verity_ctr()
1297 num < bdev_logical_block_size(v->data_dev->bdev) || in verity_ctr()
1299 ti->error = "Invalid data device block size"; in verity_ctr()
1300 r = -EINVAL; in verity_ctr()
1303 v->data_dev_block_bits = __ffs(num); in verity_ctr()
1306 !num || (num & (num - 1)) || in verity_ctr()
1307 num < bdev_logical_block_size(v->hash_dev->bdev) || in verity_ctr()
1309 ti->error = "Invalid hash device block size"; in verity_ctr()
1310 r = -EINVAL; in verity_ctr()
1313 v->hash_dev_block_bits = __ffs(num); in verity_ctr()
1316 (sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) in verity_ctr()
1317 >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll) { in verity_ctr()
1318 ti->error = "Invalid data blocks"; in verity_ctr()
1319 r = -EINVAL; in verity_ctr()
1322 v->data_blocks = num_ll; in verity_ctr()
1324 if (ti->len > (v->data_blocks << (v->data_dev_block_bits - SECTOR_SHIFT))) { in verity_ctr()
1325 ti->error = "Data device is too small"; in verity_ctr()
1326 r = -EINVAL; in verity_ctr()
1331 (sector_t)(num_ll << (v->hash_dev_block_bits - SECTOR_SHIFT)) in verity_ctr()
1332 >> (v->hash_dev_block_bits - SECTOR_SHIFT) != num_ll) { in verity_ctr()
1333 ti->error = "Invalid hash start"; in verity_ctr()
1334 r = -EINVAL; in verity_ctr()
1337 v->hash_start = num_ll; in verity_ctr()
1339 v->alg_name = kstrdup(argv[7], GFP_KERNEL); in verity_ctr()
1340 if (!v->alg_name) { in verity_ctr()
1341 ti->error = "Cannot allocate algorithm name"; in verity_ctr()
1342 r = -ENOMEM; in verity_ctr()
1346 v->tfm = crypto_alloc_ahash(v->alg_name, 0, in verity_ctr()
1347 v->use_tasklet ? CRYPTO_ALG_ASYNC : 0); in verity_ctr()
1348 if (IS_ERR(v->tfm)) { in verity_ctr()
1349 ti->error = "Cannot initialize hash function"; in verity_ctr()
1350 r = PTR_ERR(v->tfm); in verity_ctr()
1351 v->tfm = NULL; in verity_ctr()
1356 * dm-verity performance can vary greatly depending on which hash in verity_ctr()
1358 * problems by logging the ->cra_driver_name. in verity_ctr()
1360 DMINFO("%s using implementation \"%s\"", v->alg_name, in verity_ctr()
1361 crypto_hash_alg_common(v->tfm)->base.cra_driver_name); in verity_ctr()
1363 v->digest_size = crypto_ahash_digestsize(v->tfm); in verity_ctr()
1364 if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) { in verity_ctr()
1365 ti->error = "Digest size too big"; in verity_ctr()
1366 r = -EINVAL; in verity_ctr()
1369 v->ahash_reqsize = sizeof(struct ahash_request) + in verity_ctr()
1370 crypto_ahash_reqsize(v->tfm); in verity_ctr()
1372 v->root_digest = kmalloc(v->digest_size, GFP_KERNEL); in verity_ctr()
1373 if (!v->root_digest) { in verity_ctr()
1374 ti->error = "Cannot allocate root digest"; in verity_ctr()
1375 r = -ENOMEM; in verity_ctr()
1378 if (strlen(argv[8]) != v->digest_size * 2 || in verity_ctr()
1379 hex2bin(v->root_digest, argv[8], v->digest_size)) { in verity_ctr()
1380 ti->error = "Invalid root digest"; in verity_ctr()
1381 r = -EINVAL; in verity_ctr()
1386 if (strcmp(argv[9], "-")) { in verity_ctr()
1387 v->salt_size = strlen(argv[9]) / 2; in verity_ctr()
1388 v->salt = kmalloc(v->salt_size, GFP_KERNEL); in verity_ctr()
1389 if (!v->salt) { in verity_ctr()
1390 ti->error = "Cannot allocate salt"; in verity_ctr()
1391 r = -ENOMEM; in verity_ctr()
1394 if (strlen(argv[9]) != v->salt_size * 2 || in verity_ctr()
1395 hex2bin(v->salt, argv[9], v->salt_size)) { in verity_ctr()
1396 ti->error = "Invalid salt"; in verity_ctr()
1397 r = -EINVAL; in verity_ctr()
1403 argc -= 10; in verity_ctr()
1409 r = verity_parse_opt_args(&as, v, &verify_args, false); in verity_ctr()
1420 ti->error = "Root hash verification failed"; in verity_ctr()
1423 v->hash_per_block_bits = in verity_ctr()
1424 __fls((1 << v->hash_dev_block_bits) / v->digest_size); in verity_ctr()
1426 v->levels = 0; in verity_ctr()
1427 if (v->data_blocks) in verity_ctr()
1428 while (v->hash_per_block_bits * v->levels < 64 && in verity_ctr()
1429 (unsigned long long)(v->data_blocks - 1) >> in verity_ctr()
1430 (v->hash_per_block_bits * v->levels)) in verity_ctr()
1431 v->levels++; in verity_ctr()
1433 if (v->levels > DM_VERITY_MAX_LEVELS) { in verity_ctr()
1434 ti->error = "Too many tree levels"; in verity_ctr()
1435 r = -E2BIG; in verity_ctr()
1439 hash_position = v->hash_start; in verity_ctr()
1440 for (i = v->levels - 1; i >= 0; i--) { in verity_ctr()
1443 v->hash_level_block[i] = hash_position; in verity_ctr()
1444 s = (v->data_blocks + ((sector_t)1 << ((i + 1) * v->hash_per_block_bits)) - 1) in verity_ctr()
1445 >> ((i + 1) * v->hash_per_block_bits); in verity_ctr()
1447 ti->error = "Hash device offset overflow"; in verity_ctr()
1448 r = -E2BIG; in verity_ctr()
1453 v->hash_blocks = hash_position; in verity_ctr()
1455 r = mempool_init_page_pool(&v->recheck_pool, 1, 0); in verity_ctr()
1457 ti->error = "Cannot allocate mempool"; in verity_ctr()
1461 v->io = dm_io_client_create(); in verity_ctr()
1462 if (IS_ERR(v->io)) { in verity_ctr()
1463 r = PTR_ERR(v->io); in verity_ctr()
1464 v->io = NULL; in verity_ctr()
1465 ti->error = "Cannot allocate dm io"; in verity_ctr()
1469 v->bufio = dm_bufio_client_create(v->hash_dev->bdev, in verity_ctr()
1470 1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux), in verity_ctr()
1472 v->use_tasklet ? DM_BUFIO_CLIENT_NO_SLEEP : 0); in verity_ctr()
1473 if (IS_ERR(v->bufio)) { in verity_ctr()
1474 ti->error = "Cannot initialize dm-bufio"; in verity_ctr()
1475 r = PTR_ERR(v->bufio); in verity_ctr()
1476 v->bufio = NULL; in verity_ctr()
1480 if (dm_bufio_get_device_size(v->bufio) < v->hash_blocks) { in verity_ctr()
1481 ti->error = "Hash device is too small"; in verity_ctr()
1482 r = -E2BIG; in verity_ctr()
1488 * reducing wait times when reading from a dm-verity device. in verity_ctr()
1492 * will fall-back to using it for error handling (or if the bufio cache in verity_ctr()
1495 v->verify_wq = alloc_workqueue("kverityd", WQ_MEM_RECLAIM | WQ_HIGHPRI, 0); in verity_ctr()
1496 if (!v->verify_wq) { in verity_ctr()
1497 ti->error = "Cannot allocate workqueue"; in verity_ctr()
1498 r = -ENOMEM; in verity_ctr()
1502 ti->per_io_data_size = sizeof(struct dm_verity_io) + in verity_ctr()
1503 v->ahash_reqsize + v->digest_size * 2; in verity_ctr()
1505 r = verity_fec_ctr(v); in verity_ctr()
1509 ti->per_io_data_size = roundup(ti->per_io_data_size, in verity_ctr()
1530 * Returns the verity mode of the target, or -EINVAL if 'ti' is not a verity
1535 struct dm_verity *v = ti->private; in dm_verity_get_mode() local
1538 return -EINVAL; in dm_verity_get_mode()
1540 return v->mode; in dm_verity_get_mode()
1551 struct dm_verity *v = ti->private; in dm_verity_get_root_digest() local
1554 return -EINVAL; in dm_verity_get_root_digest()
1556 *root_digest = kmemdup(v->root_digest, v->digest_size, GFP_KERNEL); in dm_verity_get_root_digest()
1558 return -ENOMEM; in dm_verity_get_root_digest()
1560 *digest_size = v->digest_size; in dm_verity_get_root_digest()
1586 return ti->type == &verity_target; in dm_is_verity_target()