1 /*
2 * Copyright (C) 2015 Google, Inc.
3 *
4 * This software is licensed under the terms of the GNU General Public
5 * License version 2, as published by the Free Software Foundation, and
6 * may be copied, distributed, and modified under those terms.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 */
14
15 #include <linux/buffer_head.h>
16 #include <linux/debugfs.h>
17 #include <linux/delay.h>
18 #include <linux/device.h>
19 #include <linux/device-mapper.h>
20 #include <linux/errno.h>
21 #include <linux/fs.h>
22 #include <linux/fcntl.h>
23 #include <linux/init.h>
24 #include <linux/kernel.h>
25 #include <linux/key.h>
26 #include <linux/module.h>
27 #include <linux/mount.h>
28 #include <linux/namei.h>
29 #include <linux/of.h>
30 #include <linux/reboot.h>
31 #include <linux/string.h>
32 #include <linux/vmalloc.h>
33
34 #include <asm/setup.h>
35 #include <crypto/hash.h>
36 #include <crypto/public_key.h>
37 #include <crypto/sha.h>
38 #include <keys/asymmetric-type.h>
39 #include <keys/system_keyring.h>
40
41 #include "dm-verity.h"
42 #include "dm-android-verity.h"
43
44 static char verifiedbootstate[VERITY_COMMANDLINE_PARAM_LENGTH];
45 static char veritymode[VERITY_COMMANDLINE_PARAM_LENGTH];
46 static char veritykeyid[VERITY_DEFAULT_KEY_ID_LENGTH];
47 static char buildvariant[BUILD_VARIANT];
48
49 static bool target_added;
50 static bool verity_enabled = true;
51 struct dentry *debug_dir;
52 static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv);
53
54 static struct target_type android_verity_target = {
55 .name = "android-verity",
56 .version = {1, 0, 0},
57 .module = THIS_MODULE,
58 .ctr = android_verity_ctr,
59 .dtr = verity_dtr,
60 .map = verity_map,
61 .status = verity_status,
62 .ioctl = verity_ioctl,
63 .merge = verity_merge,
64 .iterate_devices = verity_iterate_devices,
65 .io_hints = verity_io_hints,
66 };
67
68 #ifndef MODULE
verified_boot_state_param(char * line)69 static int __init verified_boot_state_param(char *line)
70 {
71 strlcpy(verifiedbootstate, line, sizeof(verifiedbootstate));
72 return 1;
73 }
74
75 __setup("androidboot.verifiedbootstate=", verified_boot_state_param);
76
verity_mode_param(char * line)77 static int __init verity_mode_param(char *line)
78 {
79 strlcpy(veritymode, line, sizeof(veritymode));
80 return 1;
81 }
82
83 __setup("androidboot.veritymode=", verity_mode_param);
84
verity_keyid_param(char * line)85 static int __init verity_keyid_param(char *line)
86 {
87 strlcpy(veritykeyid, line, sizeof(veritykeyid));
88 return 1;
89 }
90
91 __setup("veritykeyid=", verity_keyid_param);
92
verity_buildvariant(char * line)93 static int __init verity_buildvariant(char *line)
94 {
95 strlcpy(buildvariant, line, sizeof(buildvariant));
96 return 1;
97 }
98
99 __setup("buildvariant=", verity_buildvariant);
100 #endif
101
default_verity_key_id(void)102 static inline bool default_verity_key_id(void)
103 {
104 return veritykeyid[0] != '\0';
105 }
106
is_eng(void)107 static inline bool is_eng(void)
108 {
109 static const char typeeng[] = "eng";
110
111 return !strncmp(buildvariant, typeeng, sizeof(typeeng));
112 }
113
is_userdebug(void)114 static inline bool is_userdebug(void)
115 {
116 static const char typeuserdebug[] = "userdebug";
117
118 return !strncmp(buildvariant, typeuserdebug, sizeof(typeuserdebug));
119 }
120
is_unlocked(void)121 static inline bool is_unlocked(void)
122 {
123 static const char unlocked[] = "orange";
124
125 return !strncmp(verifiedbootstate, unlocked, sizeof(unlocked));
126 }
127
table_extract_mpi_array(struct public_key_signature * pks,const void * data,size_t len)128 static int table_extract_mpi_array(struct public_key_signature *pks,
129 const void *data, size_t len)
130 {
131 MPI mpi = mpi_read_raw_data(data, len);
132
133 if (!mpi) {
134 DMERR("Error while allocating mpi array");
135 return -ENOMEM;
136 }
137
138 pks->mpi[0] = mpi;
139 pks->nr_mpi = 1;
140 return 0;
141 }
142
table_make_digest(enum hash_algo hash,const void * table,unsigned long table_len)143 static struct public_key_signature *table_make_digest(
144 enum hash_algo hash,
145 const void *table,
146 unsigned long table_len)
147 {
148 struct public_key_signature *pks = NULL;
149 struct crypto_shash *tfm;
150 struct shash_desc *desc;
151 size_t digest_size, desc_size;
152 int ret;
153
154 /* Allocate the hashing algorithm we're going to need and find out how
155 * big the hash operational data will be.
156 */
157 tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
158 if (IS_ERR(tfm))
159 return ERR_CAST(tfm);
160
161 desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
162 digest_size = crypto_shash_digestsize(tfm);
163
164 /* We allocate the hash operational data storage on the end of out
165 * context data and the digest output buffer on the end of that.
166 */
167 ret = -ENOMEM;
168 pks = kzalloc(digest_size + sizeof(*pks) + desc_size, GFP_KERNEL);
169 if (!pks)
170 goto error;
171
172 pks->pkey_hash_algo = hash;
173 pks->digest = (u8 *)pks + sizeof(*pks) + desc_size;
174 pks->digest_size = digest_size;
175
176 desc = (struct shash_desc *)(pks + 1);
177 desc->tfm = tfm;
178 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
179
180 ret = crypto_shash_init(desc);
181 if (ret < 0)
182 goto error;
183
184 ret = crypto_shash_finup(desc, table, table_len, pks->digest);
185 if (ret < 0)
186 goto error;
187
188 crypto_free_shash(tfm);
189 return pks;
190
191 error:
192 kfree(pks);
193 crypto_free_shash(tfm);
194 return ERR_PTR(ret);
195 }
196
read_block_dev(struct bio_read * payload,struct block_device * bdev,sector_t offset,int length)197 static int read_block_dev(struct bio_read *payload, struct block_device *bdev,
198 sector_t offset, int length)
199 {
200 struct bio *bio;
201 int err = 0, i;
202
203 payload->number_of_pages = DIV_ROUND_UP(length, PAGE_SIZE);
204
205 bio = bio_alloc(GFP_KERNEL, payload->number_of_pages);
206 if (!bio) {
207 DMERR("Error while allocating bio");
208 return -ENOMEM;
209 }
210
211 bio->bi_bdev = bdev;
212 bio->bi_iter.bi_sector = offset;
213
214 payload->page_io = kzalloc(sizeof(struct page *) *
215 payload->number_of_pages, GFP_KERNEL);
216 if (!payload->page_io) {
217 DMERR("page_io array alloc failed");
218 err = -ENOMEM;
219 goto free_bio;
220 }
221
222 for (i = 0; i < payload->number_of_pages; i++) {
223 payload->page_io[i] = alloc_page(GFP_KERNEL);
224 if (!payload->page_io[i]) {
225 DMERR("alloc_page failed");
226 err = -ENOMEM;
227 goto free_pages;
228 }
229 if (!bio_add_page(bio, payload->page_io[i], PAGE_SIZE, 0)) {
230 DMERR("bio_add_page error");
231 err = -EIO;
232 goto free_pages;
233 }
234 }
235
236 if (!submit_bio_wait(READ, bio))
237 /* success */
238 goto free_bio;
239 DMERR("bio read failed");
240 err = -EIO;
241
242 free_pages:
243 for (i = 0; i < payload->number_of_pages; i++)
244 if (payload->page_io[i])
245 __free_page(payload->page_io[i]);
246 kfree(payload->page_io);
247 free_bio:
248 bio_put(bio);
249 return err;
250 }
251
fec_div_round_up(u64 x,u64 y)252 static inline u64 fec_div_round_up(u64 x, u64 y)
253 {
254 u64 remainder;
255
256 return div64_u64_rem(x, y, &remainder) +
257 (remainder > 0 ? 1 : 0);
258 }
259
populate_fec_metadata(struct fec_header * header,struct fec_ecc_metadata * ecc)260 static inline void populate_fec_metadata(struct fec_header *header,
261 struct fec_ecc_metadata *ecc)
262 {
263 ecc->blocks = fec_div_round_up(le64_to_cpu(header->inp_size),
264 FEC_BLOCK_SIZE);
265 ecc->roots = le32_to_cpu(header->roots);
266 ecc->start = le64_to_cpu(header->inp_size);
267 }
268
validate_fec_header(struct fec_header * header,u64 offset)269 static inline int validate_fec_header(struct fec_header *header, u64 offset)
270 {
271 /* move offset to make the sanity check work for backup header
272 * as well. */
273 offset -= offset % FEC_BLOCK_SIZE;
274 if (le32_to_cpu(header->magic) != FEC_MAGIC ||
275 le32_to_cpu(header->version) != FEC_VERSION ||
276 le32_to_cpu(header->size) != sizeof(struct fec_header) ||
277 le32_to_cpu(header->roots) == 0 ||
278 le32_to_cpu(header->roots) >= FEC_RSM)
279 return -EINVAL;
280
281 return 0;
282 }
283
extract_fec_header(dev_t dev,struct fec_header * fec,struct fec_ecc_metadata * ecc)284 static int extract_fec_header(dev_t dev, struct fec_header *fec,
285 struct fec_ecc_metadata *ecc)
286 {
287 u64 device_size;
288 struct bio_read payload;
289 int i, err = 0;
290 struct block_device *bdev;
291
292 bdev = blkdev_get_by_dev(dev, FMODE_READ, NULL);
293
294 if (IS_ERR_OR_NULL(bdev)) {
295 DMERR("bdev get error");
296 return PTR_ERR(bdev);
297 }
298
299 device_size = i_size_read(bdev->bd_inode);
300
301 /* fec metadata size is a power of 2 and PAGE_SIZE
302 * is a power of 2 as well.
303 */
304 BUG_ON(FEC_BLOCK_SIZE > PAGE_SIZE);
305 /* 512 byte sector alignment */
306 BUG_ON(((device_size - FEC_BLOCK_SIZE) % (1 << SECTOR_SHIFT)) != 0);
307
308 err = read_block_dev(&payload, bdev, (device_size -
309 FEC_BLOCK_SIZE) / (1 << SECTOR_SHIFT), FEC_BLOCK_SIZE);
310 if (err) {
311 DMERR("Error while reading verity metadata");
312 goto error;
313 }
314
315 BUG_ON(sizeof(struct fec_header) > PAGE_SIZE);
316 memcpy(fec, page_address(payload.page_io[0]),
317 sizeof(*fec));
318
319 ecc->valid = true;
320 if (validate_fec_header(fec, device_size - FEC_BLOCK_SIZE)) {
321 /* Try the backup header */
322 memcpy(fec, page_address(payload.page_io[0]) + FEC_BLOCK_SIZE
323 - sizeof(*fec) ,
324 sizeof(*fec));
325 if (validate_fec_header(fec, device_size -
326 sizeof(struct fec_header)))
327 ecc->valid = false;
328 }
329
330 if (ecc->valid)
331 populate_fec_metadata(fec, ecc);
332
333 for (i = 0; i < payload.number_of_pages; i++)
334 __free_page(payload.page_io[i]);
335 kfree(payload.page_io);
336
337 error:
338 blkdev_put(bdev, FMODE_READ);
339 return err;
340 }
find_metadata_offset(struct fec_header * fec,struct block_device * bdev,u64 * metadata_offset)341 static void find_metadata_offset(struct fec_header *fec,
342 struct block_device *bdev, u64 *metadata_offset)
343 {
344 u64 device_size;
345
346 device_size = i_size_read(bdev->bd_inode);
347
348 if (le32_to_cpu(fec->magic) == FEC_MAGIC)
349 *metadata_offset = le64_to_cpu(fec->inp_size) -
350 VERITY_METADATA_SIZE;
351 else
352 *metadata_offset = device_size - VERITY_METADATA_SIZE;
353 }
354
find_size(dev_t dev,u64 * device_size)355 static int find_size(dev_t dev, u64 *device_size)
356 {
357 struct block_device *bdev;
358
359 bdev = blkdev_get_by_dev(dev, FMODE_READ, NULL);
360 if (IS_ERR_OR_NULL(bdev)) {
361 DMERR("blkdev_get_by_dev failed");
362 return PTR_ERR(bdev);
363 }
364
365 *device_size = i_size_read(bdev->bd_inode);
366 *device_size >>= SECTOR_SHIFT;
367
368 DMINFO("blkdev size in sectors: %llu", *device_size);
369 blkdev_put(bdev, FMODE_READ);
370 return 0;
371 }
372
verify_header(struct android_metadata_header * header)373 static int verify_header(struct android_metadata_header *header)
374 {
375 int retval = -EINVAL;
376
377 if (is_userdebug() && le32_to_cpu(header->magic_number) ==
378 VERITY_METADATA_MAGIC_DISABLE)
379 return VERITY_STATE_DISABLE;
380
381 if (!(le32_to_cpu(header->magic_number) ==
382 VERITY_METADATA_MAGIC_NUMBER) ||
383 (le32_to_cpu(header->magic_number) ==
384 VERITY_METADATA_MAGIC_DISABLE)) {
385 DMERR("Incorrect magic number");
386 return retval;
387 }
388
389 if (le32_to_cpu(header->protocol_version) !=
390 VERITY_METADATA_VERSION) {
391 DMERR("Unsupported version %u",
392 le32_to_cpu(header->protocol_version));
393 return retval;
394 }
395
396 return 0;
397 }
398
extract_metadata(dev_t dev,struct fec_header * fec,struct android_metadata ** metadata,bool * verity_enabled)399 static int extract_metadata(dev_t dev, struct fec_header *fec,
400 struct android_metadata **metadata,
401 bool *verity_enabled)
402 {
403 struct block_device *bdev;
404 struct android_metadata_header *header;
405 int i;
406 u32 table_length, copy_length, offset;
407 u64 metadata_offset;
408 struct bio_read payload;
409 int err = 0;
410
411 bdev = blkdev_get_by_dev(dev, FMODE_READ, NULL);
412
413 if (IS_ERR_OR_NULL(bdev)) {
414 DMERR("blkdev_get_by_dev failed");
415 return -ENODEV;
416 }
417
418 find_metadata_offset(fec, bdev, &metadata_offset);
419
420 /* Verity metadata size is a power of 2 and PAGE_SIZE
421 * is a power of 2 as well.
422 * PAGE_SIZE is also a multiple of 512 bytes.
423 */
424 if (VERITY_METADATA_SIZE > PAGE_SIZE)
425 BUG_ON(VERITY_METADATA_SIZE % PAGE_SIZE != 0);
426 /* 512 byte sector alignment */
427 BUG_ON(metadata_offset % (1 << SECTOR_SHIFT) != 0);
428
429 err = read_block_dev(&payload, bdev, metadata_offset /
430 (1 << SECTOR_SHIFT), VERITY_METADATA_SIZE);
431 if (err) {
432 DMERR("Error while reading verity metadata");
433 goto blkdev_release;
434 }
435
436 header = kzalloc(sizeof(*header), GFP_KERNEL);
437 if (!header) {
438 DMERR("kzalloc failed for header");
439 err = -ENOMEM;
440 goto free_payload;
441 }
442
443 memcpy(header, page_address(payload.page_io[0]),
444 sizeof(*header));
445
446 DMINFO("bio magic_number:%u protocol_version:%d table_length:%u",
447 le32_to_cpu(header->magic_number),
448 le32_to_cpu(header->protocol_version),
449 le32_to_cpu(header->table_length));
450
451 err = verify_header(header);
452
453 if (err == VERITY_STATE_DISABLE) {
454 DMERR("Mounting root with verity disabled");
455 *verity_enabled = false;
456 /* we would still have to read the metadata to figure out
457 * the data blocks size. Or may be could map the entire
458 * partition similar to mounting the device.
459 *
460 * Reset error as well as the verity_enabled flag is changed.
461 */
462 err = 0;
463 } else if (err)
464 goto free_header;
465
466 *metadata = kzalloc(sizeof(**metadata), GFP_KERNEL);
467 if (!*metadata) {
468 DMERR("kzalloc for metadata failed");
469 err = -ENOMEM;
470 goto free_header;
471 }
472
473 (*metadata)->header = header;
474 table_length = le32_to_cpu(header->table_length);
475
476 if (table_length == 0 ||
477 table_length > (VERITY_METADATA_SIZE -
478 sizeof(struct android_metadata_header))) {
479 DMERR("table_length too long");
480 err = -EINVAL;
481 goto free_metadata;
482 }
483
484 (*metadata)->verity_table = kzalloc(table_length + 1, GFP_KERNEL);
485
486 if (!(*metadata)->verity_table) {
487 DMERR("kzalloc verity_table failed");
488 err = -ENOMEM;
489 goto free_metadata;
490 }
491
492 if (sizeof(struct android_metadata_header) +
493 table_length <= PAGE_SIZE) {
494 memcpy((*metadata)->verity_table,
495 page_address(payload.page_io[0])
496 + sizeof(struct android_metadata_header),
497 table_length);
498 } else {
499 copy_length = PAGE_SIZE -
500 sizeof(struct android_metadata_header);
501 memcpy((*metadata)->verity_table,
502 page_address(payload.page_io[0])
503 + sizeof(struct android_metadata_header),
504 copy_length);
505 table_length -= copy_length;
506 offset = copy_length;
507 i = 1;
508 while (table_length != 0) {
509 if (table_length > PAGE_SIZE) {
510 memcpy((*metadata)->verity_table + offset,
511 page_address(payload.page_io[i]),
512 PAGE_SIZE);
513 offset += PAGE_SIZE;
514 table_length -= PAGE_SIZE;
515 } else {
516 memcpy((*metadata)->verity_table + offset,
517 page_address(payload.page_io[i]),
518 table_length);
519 table_length = 0;
520 }
521 i++;
522 }
523 }
524 (*metadata)->verity_table[table_length] = '\0';
525
526 DMINFO("verity_table: %s", (*metadata)->verity_table);
527 goto free_payload;
528
529 free_metadata:
530 kfree(*metadata);
531 free_header:
532 kfree(header);
533 free_payload:
534 for (i = 0; i < payload.number_of_pages; i++)
535 if (payload.page_io[i])
536 __free_page(payload.page_io[i]);
537 kfree(payload.page_io);
538 blkdev_release:
539 blkdev_put(bdev, FMODE_READ);
540 return err;
541 }
542
543 /* helper functions to extract properties from dts */
find_dt_value(const char * name)544 const char *find_dt_value(const char *name)
545 {
546 struct device_node *firmware;
547 const char *value;
548
549 firmware = of_find_node_by_path("/firmware/android");
550 if (!firmware)
551 return NULL;
552 value = of_get_property(firmware, name, NULL);
553 of_node_put(firmware);
554
555 return value;
556 }
557
verity_mode(void)558 static int verity_mode(void)
559 {
560 static const char enforcing[] = "enforcing";
561 static const char verified_mode_prop[] = "veritymode";
562 const char *value;
563
564 value = find_dt_value(verified_mode_prop);
565 if (!value)
566 value = veritymode;
567 if (!strncmp(value, enforcing, sizeof(enforcing) - 1))
568 return DM_VERITY_MODE_RESTART;
569
570 return DM_VERITY_MODE_EIO;
571 }
572
verify_verity_signature(char * key_id,struct android_metadata * metadata)573 static int verify_verity_signature(char *key_id,
574 struct android_metadata *metadata)
575 {
576 key_ref_t key_ref;
577 struct key *key;
578 struct public_key_signature *pks = NULL;
579 int retval = -EINVAL;
580
581 key_ref = keyring_search(make_key_ref(system_trusted_keyring, 1),
582 &key_type_asymmetric, key_id);
583
584 if (IS_ERR(key_ref)) {
585 DMERR("keyring: key not found");
586 return -ENOKEY;
587 }
588
589 key = key_ref_to_ptr(key_ref);
590
591 pks = table_make_digest(HASH_ALGO_SHA256,
592 (const void *)metadata->verity_table,
593 le32_to_cpu(metadata->header->table_length));
594
595 if (IS_ERR(pks)) {
596 DMERR("hashing failed");
597 goto error;
598 }
599
600 retval = table_extract_mpi_array(pks, &metadata->header->signature[0],
601 RSANUMBYTES);
602 if (retval < 0) {
603 DMERR("Error extracting mpi %d", retval);
604 goto error;
605 }
606
607 retval = verify_signature(key, pks);
608 mpi_free(pks->rsa.s);
609 error:
610 kfree(pks);
611 key_put(key);
612
613 return retval;
614 }
615
handle_error(void)616 static void handle_error(void)
617 {
618 int mode = verity_mode();
619 if (mode == DM_VERITY_MODE_RESTART) {
620 DMERR("triggering restart");
621 kernel_restart("dm-verity device corrupted");
622 } else {
623 DMERR("Mounting verity root failed");
624 }
625 }
626
test_mult_overflow(sector_t a,u32 b)627 static inline bool test_mult_overflow(sector_t a, u32 b)
628 {
629 sector_t r = (sector_t)~0ULL;
630
631 sector_div(r, b);
632 return a > r;
633 }
634
add_as_linear_device(struct dm_target * ti,char * dev)635 static int add_as_linear_device(struct dm_target *ti, char *dev)
636 {
637 /*Move to linear mapping defines*/
638 char *linear_table_args[DM_LINEAR_ARGS] = {dev,
639 DM_LINEAR_TARGET_OFFSET};
640 int err = 0;
641
642 android_verity_target.dtr = dm_linear_dtr,
643 android_verity_target.map = dm_linear_map,
644 android_verity_target.status = dm_linear_status,
645 android_verity_target.ioctl = dm_linear_ioctl,
646 android_verity_target.merge = dm_linear_merge,
647 android_verity_target.iterate_devices = dm_linear_iterate_devices,
648 android_verity_target.io_hints = NULL;
649
650 set_disk_ro(dm_disk(dm_table_get_md(ti->table)), 0);
651
652 err = dm_linear_ctr(ti, DM_LINEAR_ARGS, linear_table_args);
653
654 if (!err) {
655 DMINFO("Added android-verity as a linear target");
656 target_added = true;
657 } else
658 DMERR("Failed to add android-verity as linear target");
659
660 return err;
661 }
662
create_linear_device(struct dm_target * ti,dev_t dev,char * target_device)663 static int create_linear_device(struct dm_target *ti, dev_t dev,
664 char *target_device)
665 {
666 u64 device_size = 0;
667 int err = find_size(dev, &device_size);
668
669 if (err) {
670 DMERR("error finding bdev size");
671 handle_error();
672 return err;
673 }
674
675 ti->len = device_size;
676 err = add_as_linear_device(ti, target_device);
677 if (err) {
678 handle_error();
679 return err;
680 }
681 verity_enabled = false;
682 return 0;
683 }
684
685 /*
686 * Target parameters:
687 * <key id> Key id of the public key in the system keyring.
688 * Verity metadata's signature would be verified against
689 * this. If the key id contains spaces, replace them
690 * with '#'.
691 * <block device> The block device for which dm-verity is being setup.
692 */
android_verity_ctr(struct dm_target * ti,unsigned argc,char ** argv)693 static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
694 {
695 dev_t uninitialized_var(dev);
696 struct android_metadata *metadata = NULL;
697 int err = 0, i, mode;
698 char *key_id, *table_ptr, dummy, *target_device,
699 *verity_table_args[VERITY_TABLE_ARGS + 2 + VERITY_TABLE_OPT_FEC_ARGS];
700 /* One for specifying number of opt args and one for mode */
701 sector_t data_sectors;
702 u32 data_block_size;
703 unsigned int no_of_args = VERITY_TABLE_ARGS + 2 + VERITY_TABLE_OPT_FEC_ARGS;
704 struct fec_header uninitialized_var(fec);
705 struct fec_ecc_metadata uninitialized_var(ecc);
706 char buf[FEC_ARG_LENGTH], *buf_ptr;
707 unsigned long long tmpll;
708
709 if (argc == 1) {
710 /* Use the default keyid */
711 if (default_verity_key_id())
712 key_id = veritykeyid;
713 else if (!is_eng()) {
714 DMERR("veritykeyid= is not set");
715 handle_error();
716 return -EINVAL;
717 }
718 } else if (argc == 2)
719 key_id = argv[1];
720 else {
721 DMERR("Incorrect number of arguments");
722 handle_error();
723 return -EINVAL;
724 }
725
726 target_device = argv[0];
727
728 dev = name_to_dev_t(target_device);
729 if (!dev) {
730 const unsigned int timeout_ms = DM_VERITY_WAIT_DEV_TIMEOUT_MS;
731 unsigned int wait_time_ms = 0;
732
733 DMERR("android_verity_ctr: retry %s\n", target_device);
734 while (driver_probe_done() != 0 ||
735 (dev = name_to_dev_t(target_device)) == 0) {
736 msleep(100);
737 wait_time_ms += 100;
738 if (wait_time_ms > timeout_ms) {
739 DMERR("android_verity_ctr: retry timeout(%dms)\n", timeout_ms);
740 DMERR("no dev found for %s", target_device);
741 handle_error();
742 return -EINVAL;
743 }
744 }
745 }
746
747 if (is_eng())
748 return create_linear_device(ti, dev, target_device);
749
750 strreplace(key_id, '#', ' ');
751
752 DMINFO("key:%s dev:%s", key_id, target_device);
753
754 if (extract_fec_header(dev, &fec, &ecc)) {
755 DMERR("Error while extracting fec header");
756 handle_error();
757 return -EINVAL;
758 }
759
760 err = extract_metadata(dev, &fec, &metadata, &verity_enabled);
761
762 if (err) {
763 /* Allow invalid metadata when the device is unlocked */
764 if (is_unlocked()) {
765 DMWARN("Allow invalid metadata when unlocked");
766 return create_linear_device(ti, dev, target_device);
767 }
768 DMERR("Error while extracting metadata");
769 handle_error();
770 goto free_metadata;
771 }
772
773 if (verity_enabled) {
774 err = verify_verity_signature(key_id, metadata);
775
776 if (err) {
777 DMERR("Signature verification failed");
778 handle_error();
779 goto free_metadata;
780 } else
781 DMINFO("Signature verification success");
782 }
783
784 table_ptr = metadata->verity_table;
785
786 for (i = 0; i < VERITY_TABLE_ARGS; i++) {
787 verity_table_args[i] = strsep(&table_ptr, " ");
788 if (verity_table_args[i] == NULL)
789 break;
790 }
791
792 if (i != VERITY_TABLE_ARGS) {
793 DMERR("Verity table not in the expected format");
794 err = -EINVAL;
795 handle_error();
796 goto free_metadata;
797 }
798
799 if (sscanf(verity_table_args[5], "%llu%c", &tmpll, &dummy)
800 != 1) {
801 DMERR("Verity table not in the expected format");
802 handle_error();
803 err = -EINVAL;
804 goto free_metadata;
805 }
806
807 if (tmpll > ULONG_MAX) {
808 DMERR("<num_data_blocks> too large. Forgot to turn on CONFIG_LBDAF?");
809 handle_error();
810 err = -EINVAL;
811 goto free_metadata;
812 }
813
814 data_sectors = tmpll;
815
816 if (sscanf(verity_table_args[3], "%u%c", &data_block_size, &dummy)
817 != 1) {
818 DMERR("Verity table not in the expected format");
819 handle_error();
820 err = -EINVAL;
821 goto free_metadata;
822 }
823
824 if (test_mult_overflow(data_sectors, data_block_size >>
825 SECTOR_SHIFT)) {
826 DMERR("data_sectors too large");
827 handle_error();
828 err = -EOVERFLOW;
829 goto free_metadata;
830 }
831
832 data_sectors *= data_block_size >> SECTOR_SHIFT;
833 DMINFO("Data sectors %llu", (unsigned long long)data_sectors);
834
835 /* update target length */
836 ti->len = data_sectors;
837
838 /* Setup linear target and free */
839 if (!verity_enabled) {
840 err = add_as_linear_device(ti, target_device);
841 goto free_metadata;
842 }
843
844 /*substitute data_dev and hash_dev*/
845 verity_table_args[1] = target_device;
846 verity_table_args[2] = target_device;
847
848 mode = verity_mode();
849
850 if (ecc.valid && IS_BUILTIN(CONFIG_DM_VERITY_FEC)) {
851 if (mode) {
852 err = snprintf(buf, FEC_ARG_LENGTH,
853 "%u %s " VERITY_TABLE_OPT_FEC_FORMAT,
854 1 + VERITY_TABLE_OPT_FEC_ARGS,
855 mode == DM_VERITY_MODE_RESTART ?
856 VERITY_TABLE_OPT_RESTART :
857 VERITY_TABLE_OPT_LOGGING,
858 target_device,
859 ecc.start / FEC_BLOCK_SIZE, ecc.blocks,
860 ecc.roots);
861 } else {
862 err = snprintf(buf, FEC_ARG_LENGTH,
863 "%u " VERITY_TABLE_OPT_FEC_FORMAT,
864 VERITY_TABLE_OPT_FEC_ARGS, target_device,
865 ecc.start / FEC_BLOCK_SIZE, ecc.blocks,
866 ecc.roots);
867 }
868 } else if (mode) {
869 err = snprintf(buf, FEC_ARG_LENGTH,
870 "2 " VERITY_TABLE_OPT_IGNZERO " %s",
871 mode == DM_VERITY_MODE_RESTART ?
872 VERITY_TABLE_OPT_RESTART : VERITY_TABLE_OPT_LOGGING);
873 } else {
874 err = snprintf(buf, FEC_ARG_LENGTH, "1 %s",
875 "ignore_zero_blocks");
876 }
877
878 if (err < 0 || err >= FEC_ARG_LENGTH)
879 goto free_metadata;
880
881 buf_ptr = buf;
882
883 for (i = VERITY_TABLE_ARGS; i < (VERITY_TABLE_ARGS +
884 VERITY_TABLE_OPT_FEC_ARGS + 2); i++) {
885 verity_table_args[i] = strsep(&buf_ptr, " ");
886 if (verity_table_args[i] == NULL) {
887 no_of_args = i;
888 break;
889 }
890 }
891
892 err = verity_ctr(ti, no_of_args, verity_table_args);
893
894 if (err)
895 DMERR("android-verity failed to mount as verity target");
896 else {
897 target_added = true;
898 DMINFO("android-verity mounted as verity target");
899 }
900
901 free_metadata:
902 if (metadata) {
903 kfree(metadata->header);
904 kfree(metadata->verity_table);
905 }
906 kfree(metadata);
907 return err;
908 }
909
dm_android_verity_init(void)910 static int __init dm_android_verity_init(void)
911 {
912 int r;
913 struct dentry *file;
914
915 r = dm_register_target(&android_verity_target);
916 if (r < 0)
917 DMERR("register failed %d", r);
918
919 /* Tracks the status of the last added target */
920 debug_dir = debugfs_create_dir("android_verity", NULL);
921
922 if (IS_ERR_OR_NULL(debug_dir)) {
923 DMERR("Cannot create android_verity debugfs directory: %ld",
924 PTR_ERR(debug_dir));
925 goto end;
926 }
927
928 file = debugfs_create_bool("target_added", S_IRUGO, debug_dir,
929 (u32 *)&target_added);
930
931 if (IS_ERR_OR_NULL(file)) {
932 DMERR("Cannot create android_verity debugfs directory: %ld",
933 PTR_ERR(debug_dir));
934 debugfs_remove_recursive(debug_dir);
935 goto end;
936 }
937
938 file = debugfs_create_bool("verity_enabled", S_IRUGO, debug_dir,
939 (u32 *)&verity_enabled);
940
941 if (IS_ERR_OR_NULL(file)) {
942 DMERR("Cannot create android_verity debugfs directory: %ld",
943 PTR_ERR(debug_dir));
944 debugfs_remove_recursive(debug_dir);
945 }
946
947 end:
948 return r;
949 }
950
dm_android_verity_exit(void)951 static void __exit dm_android_verity_exit(void)
952 {
953 if (!IS_ERR_OR_NULL(debug_dir))
954 debugfs_remove_recursive(debug_dir);
955
956 dm_unregister_target(&android_verity_target);
957 }
958
959 module_init(dm_android_verity_init);
960 module_exit(dm_android_verity_exit);
961