1 /*
2 * Copyright (C) 2015 Google, Inc.
3 *
4 * This software is licensed under the terms of the GNU General Public
5 * License version 2, as published by the Free Software Foundation, and
6 * may be copied, distributed, and modified under those terms.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 */
14
15 #include <linux/buffer_head.h>
16 #include <linux/debugfs.h>
17 #include <linux/delay.h>
18 #include <linux/device.h>
19 #include <linux/device-mapper.h>
20 #include <linux/errno.h>
21 #include <linux/fs.h>
22 #include <linux/fcntl.h>
23 #include <linux/init.h>
24 #include <linux/kernel.h>
25 #include <linux/key.h>
26 #include <linux/module.h>
27 #include <linux/mount.h>
28 #include <linux/namei.h>
29 #include <linux/of.h>
30 #include <linux/reboot.h>
31 #include <linux/string.h>
32 #include <linux/vmalloc.h>
33
34 #include <asm/setup.h>
35 #include <crypto/hash.h>
36 #include <crypto/hash_info.h>
37 #include <crypto/public_key.h>
38 #include <crypto/sha.h>
39 #include <keys/asymmetric-type.h>
40 #include <keys/system_keyring.h>
41
42 #include "dm-verity.h"
43 #include "dm-android-verity.h"
44
45 static char verifiedbootstate[VERITY_COMMANDLINE_PARAM_LENGTH];
46 static char veritymode[VERITY_COMMANDLINE_PARAM_LENGTH];
47 static char veritykeyid[VERITY_DEFAULT_KEY_ID_LENGTH];
48 static char buildvariant[BUILD_VARIANT];
49
50 static bool target_added;
51 static bool verity_enabled = true;
52 struct dentry *debug_dir;
53 static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv);
54
55 static struct target_type android_verity_target = {
56 .name = "android-verity",
57 .version = {1, 0, 0},
58 .module = THIS_MODULE,
59 .ctr = android_verity_ctr,
60 .dtr = verity_dtr,
61 .map = verity_map,
62 .status = verity_status,
63 .prepare_ioctl = verity_prepare_ioctl,
64 .iterate_devices = verity_iterate_devices,
65 .io_hints = verity_io_hints,
66 };
67
verified_boot_state_param(char * line)68 static int __init verified_boot_state_param(char *line)
69 {
70 strlcpy(verifiedbootstate, line, sizeof(verifiedbootstate));
71 return 1;
72 }
73
74 __setup("androidboot.verifiedbootstate=", verified_boot_state_param);
75
verity_mode_param(char * line)76 static int __init verity_mode_param(char *line)
77 {
78 strlcpy(veritymode, line, sizeof(veritymode));
79 return 1;
80 }
81
82 __setup("androidboot.veritymode=", verity_mode_param);
83
verity_keyid_param(char * line)84 static int __init verity_keyid_param(char *line)
85 {
86 strlcpy(veritykeyid, line, sizeof(veritykeyid));
87 return 1;
88 }
89
90 __setup("veritykeyid=", verity_keyid_param);
91
verity_buildvariant(char * line)92 static int __init verity_buildvariant(char *line)
93 {
94 strlcpy(buildvariant, line, sizeof(buildvariant));
95 return 1;
96 }
97
98 __setup("buildvariant=", verity_buildvariant);
99
default_verity_key_id(void)100 static inline bool default_verity_key_id(void)
101 {
102 return veritykeyid[0] != '\0';
103 }
104
is_eng(void)105 static inline bool is_eng(void)
106 {
107 static const char typeeng[] = "eng";
108
109 return !strncmp(buildvariant, typeeng, sizeof(typeeng));
110 }
111
is_userdebug(void)112 static inline bool is_userdebug(void)
113 {
114 static const char typeuserdebug[] = "userdebug";
115
116 return !strncmp(buildvariant, typeuserdebug, sizeof(typeuserdebug));
117 }
118
is_unlocked(void)119 static inline bool is_unlocked(void)
120 {
121 static const char unlocked[] = "orange";
122
123 return !strncmp(verifiedbootstate, unlocked, sizeof(unlocked));
124 }
125
read_block_dev(struct bio_read * payload,struct block_device * bdev,sector_t offset,int length)126 static int read_block_dev(struct bio_read *payload, struct block_device *bdev,
127 sector_t offset, int length)
128 {
129 struct bio *bio;
130 int err = 0, i;
131
132 payload->number_of_pages = DIV_ROUND_UP(length, PAGE_SIZE);
133
134 bio = bio_alloc(GFP_KERNEL, payload->number_of_pages);
135 if (!bio) {
136 DMERR("Error while allocating bio");
137 return -ENOMEM;
138 }
139
140 bio_set_dev(bio, bdev);
141 bio->bi_iter.bi_sector = offset;
142 bio_set_op_attrs(bio, REQ_OP_READ, 0);
143
144 payload->page_io = kzalloc(sizeof(struct page *) *
145 payload->number_of_pages, GFP_KERNEL);
146 if (!payload->page_io) {
147 DMERR("page_io array alloc failed");
148 err = -ENOMEM;
149 goto free_bio;
150 }
151
152 for (i = 0; i < payload->number_of_pages; i++) {
153 payload->page_io[i] = alloc_page(GFP_KERNEL);
154 if (!payload->page_io[i]) {
155 DMERR("alloc_page failed");
156 err = -ENOMEM;
157 goto free_pages;
158 }
159 if (!bio_add_page(bio, payload->page_io[i], PAGE_SIZE, 0)) {
160 DMERR("bio_add_page error");
161 err = -EIO;
162 goto free_pages;
163 }
164 }
165
166 if (!submit_bio_wait(bio))
167 /* success */
168 goto free_bio;
169 DMERR("bio read failed");
170 err = -EIO;
171
172 free_pages:
173 for (i = 0; i < payload->number_of_pages; i++)
174 if (payload->page_io[i])
175 __free_page(payload->page_io[i]);
176 kfree(payload->page_io);
177 free_bio:
178 bio_put(bio);
179 return err;
180 }
181
fec_div_round_up(u64 x,u64 y)182 static inline u64 fec_div_round_up(u64 x, u64 y)
183 {
184 u64 remainder;
185
186 return div64_u64_rem(x, y, &remainder) +
187 (remainder > 0 ? 1 : 0);
188 }
189
populate_fec_metadata(struct fec_header * header,struct fec_ecc_metadata * ecc)190 static inline void populate_fec_metadata(struct fec_header *header,
191 struct fec_ecc_metadata *ecc)
192 {
193 ecc->blocks = fec_div_round_up(le64_to_cpu(header->inp_size),
194 FEC_BLOCK_SIZE);
195 ecc->roots = le32_to_cpu(header->roots);
196 ecc->start = le64_to_cpu(header->inp_size);
197 }
198
validate_fec_header(struct fec_header * header,u64 offset)199 static inline int validate_fec_header(struct fec_header *header, u64 offset)
200 {
201 /* move offset to make the sanity check work for backup header
202 * as well. */
203 offset -= offset % FEC_BLOCK_SIZE;
204 if (le32_to_cpu(header->magic) != FEC_MAGIC ||
205 le32_to_cpu(header->version) != FEC_VERSION ||
206 le32_to_cpu(header->size) != sizeof(struct fec_header) ||
207 le32_to_cpu(header->roots) == 0 ||
208 le32_to_cpu(header->roots) >= FEC_RSM)
209 return -EINVAL;
210
211 return 0;
212 }
213
extract_fec_header(dev_t dev,struct fec_header * fec,struct fec_ecc_metadata * ecc)214 static int extract_fec_header(dev_t dev, struct fec_header *fec,
215 struct fec_ecc_metadata *ecc)
216 {
217 u64 device_size;
218 struct bio_read payload;
219 int i, err = 0;
220 struct block_device *bdev;
221
222 bdev = blkdev_get_by_dev(dev, FMODE_READ, NULL);
223
224 if (IS_ERR_OR_NULL(bdev)) {
225 DMERR("bdev get error");
226 return PTR_ERR(bdev);
227 }
228
229 device_size = i_size_read(bdev->bd_inode);
230
231 /* fec metadata size is a power of 2 and PAGE_SIZE
232 * is a power of 2 as well.
233 */
234 BUG_ON(FEC_BLOCK_SIZE > PAGE_SIZE);
235 /* 512 byte sector alignment */
236 BUG_ON(((device_size - FEC_BLOCK_SIZE) % (1 << SECTOR_SHIFT)) != 0);
237
238 err = read_block_dev(&payload, bdev, (device_size -
239 FEC_BLOCK_SIZE) / (1 << SECTOR_SHIFT), FEC_BLOCK_SIZE);
240 if (err) {
241 DMERR("Error while reading verity metadata");
242 goto error;
243 }
244
245 BUG_ON(sizeof(struct fec_header) > PAGE_SIZE);
246 memcpy(fec, page_address(payload.page_io[0]),
247 sizeof(*fec));
248
249 ecc->valid = true;
250 if (validate_fec_header(fec, device_size - FEC_BLOCK_SIZE)) {
251 /* Try the backup header */
252 memcpy(fec, page_address(payload.page_io[0]) + FEC_BLOCK_SIZE
253 - sizeof(*fec) ,
254 sizeof(*fec));
255 if (validate_fec_header(fec, device_size -
256 sizeof(struct fec_header)))
257 ecc->valid = false;
258 }
259
260 if (ecc->valid)
261 populate_fec_metadata(fec, ecc);
262
263 for (i = 0; i < payload.number_of_pages; i++)
264 __free_page(payload.page_io[i]);
265 kfree(payload.page_io);
266
267 error:
268 blkdev_put(bdev, FMODE_READ);
269 return err;
270 }
find_metadata_offset(struct fec_header * fec,struct block_device * bdev,u64 * metadata_offset)271 static void find_metadata_offset(struct fec_header *fec,
272 struct block_device *bdev, u64 *metadata_offset)
273 {
274 u64 device_size;
275
276 device_size = i_size_read(bdev->bd_inode);
277
278 if (le32_to_cpu(fec->magic) == FEC_MAGIC)
279 *metadata_offset = le64_to_cpu(fec->inp_size) -
280 VERITY_METADATA_SIZE;
281 else
282 *metadata_offset = device_size - VERITY_METADATA_SIZE;
283 }
284
find_size(dev_t dev,u64 * device_size)285 static int find_size(dev_t dev, u64 *device_size)
286 {
287 struct block_device *bdev;
288
289 bdev = blkdev_get_by_dev(dev, FMODE_READ, NULL);
290 if (IS_ERR_OR_NULL(bdev)) {
291 DMERR("blkdev_get_by_dev failed");
292 return PTR_ERR(bdev);
293 }
294
295 *device_size = i_size_read(bdev->bd_inode);
296 *device_size >>= SECTOR_SHIFT;
297
298 DMINFO("blkdev size in sectors: %llu", *device_size);
299 blkdev_put(bdev, FMODE_READ);
300 return 0;
301 }
302
verify_header(struct android_metadata_header * header)303 static int verify_header(struct android_metadata_header *header)
304 {
305 int retval = -EINVAL;
306
307 if (is_userdebug() && le32_to_cpu(header->magic_number) ==
308 VERITY_METADATA_MAGIC_DISABLE)
309 return VERITY_STATE_DISABLE;
310
311 if (!(le32_to_cpu(header->magic_number) ==
312 VERITY_METADATA_MAGIC_NUMBER) ||
313 (le32_to_cpu(header->magic_number) ==
314 VERITY_METADATA_MAGIC_DISABLE)) {
315 DMERR("Incorrect magic number");
316 return retval;
317 }
318
319 if (le32_to_cpu(header->protocol_version) !=
320 VERITY_METADATA_VERSION) {
321 DMERR("Unsupported version %u",
322 le32_to_cpu(header->protocol_version));
323 return retval;
324 }
325
326 return 0;
327 }
328
extract_metadata(dev_t dev,struct fec_header * fec,struct android_metadata ** metadata,bool * verity_enabled)329 static int extract_metadata(dev_t dev, struct fec_header *fec,
330 struct android_metadata **metadata,
331 bool *verity_enabled)
332 {
333 struct block_device *bdev;
334 struct android_metadata_header *header;
335 int i;
336 u32 table_length, copy_length, offset;
337 u64 metadata_offset;
338 struct bio_read payload;
339 int err = 0;
340
341 bdev = blkdev_get_by_dev(dev, FMODE_READ, NULL);
342
343 if (IS_ERR_OR_NULL(bdev)) {
344 DMERR("blkdev_get_by_dev failed");
345 return -ENODEV;
346 }
347
348 find_metadata_offset(fec, bdev, &metadata_offset);
349
350 /* Verity metadata size is a power of 2 and PAGE_SIZE
351 * is a power of 2 as well.
352 * PAGE_SIZE is also a multiple of 512 bytes.
353 */
354 if (VERITY_METADATA_SIZE > PAGE_SIZE)
355 BUG_ON(VERITY_METADATA_SIZE % PAGE_SIZE != 0);
356 /* 512 byte sector alignment */
357 BUG_ON(metadata_offset % (1 << SECTOR_SHIFT) != 0);
358
359 err = read_block_dev(&payload, bdev, metadata_offset /
360 (1 << SECTOR_SHIFT), VERITY_METADATA_SIZE);
361 if (err) {
362 DMERR("Error while reading verity metadata");
363 goto blkdev_release;
364 }
365
366 header = kzalloc(sizeof(*header), GFP_KERNEL);
367 if (!header) {
368 DMERR("kzalloc failed for header");
369 err = -ENOMEM;
370 goto free_payload;
371 }
372
373 memcpy(header, page_address(payload.page_io[0]),
374 sizeof(*header));
375
376 DMINFO("bio magic_number:%u protocol_version:%d table_length:%u",
377 le32_to_cpu(header->magic_number),
378 le32_to_cpu(header->protocol_version),
379 le32_to_cpu(header->table_length));
380
381 err = verify_header(header);
382
383 if (err == VERITY_STATE_DISABLE) {
384 DMERR("Mounting root with verity disabled");
385 *verity_enabled = false;
386 /* we would still have to read the metadata to figure out
387 * the data blocks size. Or may be could map the entire
388 * partition similar to mounting the device.
389 *
390 * Reset error as well as the verity_enabled flag is changed.
391 */
392 err = 0;
393 } else if (err)
394 goto free_header;
395
396 *metadata = kzalloc(sizeof(**metadata), GFP_KERNEL);
397 if (!*metadata) {
398 DMERR("kzalloc for metadata failed");
399 err = -ENOMEM;
400 goto free_header;
401 }
402
403 (*metadata)->header = header;
404 table_length = le32_to_cpu(header->table_length);
405
406 if (table_length == 0 ||
407 table_length > (VERITY_METADATA_SIZE -
408 sizeof(struct android_metadata_header))) {
409 DMERR("table_length too long");
410 err = -EINVAL;
411 goto free_metadata;
412 }
413
414 (*metadata)->verity_table = kzalloc(table_length + 1, GFP_KERNEL);
415
416 if (!(*metadata)->verity_table) {
417 DMERR("kzalloc verity_table failed");
418 err = -ENOMEM;
419 goto free_metadata;
420 }
421
422 if (sizeof(struct android_metadata_header) +
423 table_length <= PAGE_SIZE) {
424 memcpy((*metadata)->verity_table,
425 page_address(payload.page_io[0])
426 + sizeof(struct android_metadata_header),
427 table_length);
428 } else {
429 copy_length = PAGE_SIZE -
430 sizeof(struct android_metadata_header);
431 memcpy((*metadata)->verity_table,
432 page_address(payload.page_io[0])
433 + sizeof(struct android_metadata_header),
434 copy_length);
435 table_length -= copy_length;
436 offset = copy_length;
437 i = 1;
438 while (table_length != 0) {
439 if (table_length > PAGE_SIZE) {
440 memcpy((*metadata)->verity_table + offset,
441 page_address(payload.page_io[i]),
442 PAGE_SIZE);
443 offset += PAGE_SIZE;
444 table_length -= PAGE_SIZE;
445 } else {
446 memcpy((*metadata)->verity_table + offset,
447 page_address(payload.page_io[i]),
448 table_length);
449 table_length = 0;
450 }
451 i++;
452 }
453 }
454 (*metadata)->verity_table[table_length] = '\0';
455
456 DMINFO("verity_table: %s", (*metadata)->verity_table);
457 goto free_payload;
458
459 free_metadata:
460 kfree(*metadata);
461 free_header:
462 kfree(header);
463 free_payload:
464 for (i = 0; i < payload.number_of_pages; i++)
465 if (payload.page_io[i])
466 __free_page(payload.page_io[i]);
467 kfree(payload.page_io);
468 blkdev_release:
469 blkdev_put(bdev, FMODE_READ);
470 return err;
471 }
472
473 /* helper functions to extract properties from dts */
find_dt_value(const char * name)474 const char *find_dt_value(const char *name)
475 {
476 struct device_node *firmware;
477 const char *value;
478
479 firmware = of_find_node_by_path("/firmware/android");
480 if (!firmware)
481 return NULL;
482 value = of_get_property(firmware, name, NULL);
483 of_node_put(firmware);
484
485 return value;
486 }
487
verity_mode(void)488 static int verity_mode(void)
489 {
490 static const char enforcing[] = "enforcing";
491 static const char verified_mode_prop[] = "veritymode";
492 const char *value;
493
494 value = find_dt_value(verified_mode_prop);
495 if (!value)
496 value = veritymode;
497 if (!strncmp(value, enforcing, sizeof(enforcing) - 1))
498 return DM_VERITY_MODE_RESTART;
499
500 return DM_VERITY_MODE_EIO;
501 }
502
handle_error(void)503 static void handle_error(void)
504 {
505 int mode = verity_mode();
506 if (mode == DM_VERITY_MODE_RESTART) {
507 DMERR("triggering restart");
508 kernel_restart("dm-verity device corrupted");
509 } else {
510 DMERR("Mounting verity root failed");
511 }
512 }
513
table_make_digest(enum hash_algo hash,const void * table,unsigned long table_len)514 static struct public_key_signature *table_make_digest(
515 enum hash_algo hash,
516 const void *table,
517 unsigned long table_len)
518 {
519 struct public_key_signature *pks = NULL;
520 struct crypto_shash *tfm;
521 struct shash_desc *desc;
522 size_t digest_size, desc_size;
523 int ret;
524
525 /* Allocate the hashing algorithm we're going to need and find out how
526 * big the hash operational data will be.
527 */
528 tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
529 if (IS_ERR(tfm))
530 return ERR_CAST(tfm);
531
532 desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
533 digest_size = crypto_shash_digestsize(tfm);
534
535 /* We allocate the hash operational data storage on the end of out
536 * context data and the digest output buffer on the end of that.
537 */
538 ret = -ENOMEM;
539 pks = kzalloc(digest_size + sizeof(*pks) + desc_size, GFP_KERNEL);
540 if (!pks)
541 goto error;
542
543 pks->pkey_algo = "rsa";
544 pks->hash_algo = hash_algo_name[hash];
545 pks->digest = (u8 *)pks + sizeof(*pks) + desc_size;
546 pks->digest_size = digest_size;
547
548 desc = (struct shash_desc *)(pks + 1);
549 desc->tfm = tfm;
550 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
551
552 ret = crypto_shash_init(desc);
553 if (ret < 0)
554 goto error;
555
556 ret = crypto_shash_finup(desc, table, table_len, pks->digest);
557 if (ret < 0)
558 goto error;
559
560 crypto_free_shash(tfm);
561 return pks;
562
563 error:
564 kfree(pks);
565 crypto_free_shash(tfm);
566 return ERR_PTR(ret);
567 }
568
569
verify_verity_signature(char * key_id,struct android_metadata * metadata)570 static int verify_verity_signature(char *key_id,
571 struct android_metadata *metadata)
572 {
573 struct public_key_signature *pks = NULL;
574 int retval = -EINVAL;
575
576 if (!key_id)
577 goto error;
578
579 pks = table_make_digest(HASH_ALGO_SHA256,
580 (const void *)metadata->verity_table,
581 le32_to_cpu(metadata->header->table_length));
582 if (IS_ERR(pks)) {
583 DMERR("hashing failed");
584 retval = PTR_ERR(pks);
585 pks = NULL;
586 goto error;
587 }
588
589 pks->s = kmemdup(&metadata->header->signature[0], RSANUMBYTES, GFP_KERNEL);
590 if (!pks->s) {
591 DMERR("Error allocating memory for signature");
592 goto error;
593 }
594 pks->s_size = RSANUMBYTES;
595
596 retval = verify_signature_one(pks, NULL, key_id);
597 kfree(pks->s);
598 error:
599 kfree(pks);
600 return retval;
601 }
602
test_mult_overflow(sector_t a,u32 b)603 static inline bool test_mult_overflow(sector_t a, u32 b)
604 {
605 sector_t r = (sector_t)~0ULL;
606
607 sector_div(r, b);
608 return a > r;
609 }
610
add_as_linear_device(struct dm_target * ti,char * dev)611 static int add_as_linear_device(struct dm_target *ti, char *dev)
612 {
613 /*Move to linear mapping defines*/
614 char *linear_table_args[DM_LINEAR_ARGS] = {dev,
615 DM_LINEAR_TARGET_OFFSET};
616 int err = 0;
617
618 android_verity_target.dtr = dm_linear_dtr,
619 android_verity_target.map = dm_linear_map,
620 android_verity_target.status = dm_linear_status,
621 android_verity_target.end_io = dm_linear_end_io,
622 android_verity_target.prepare_ioctl = dm_linear_prepare_ioctl,
623 android_verity_target.iterate_devices = dm_linear_iterate_devices,
624 android_verity_target.direct_access = dm_linear_dax_direct_access,
625 android_verity_target.dax_copy_from_iter = dm_linear_dax_copy_from_iter,
626 android_verity_target.io_hints = NULL;
627
628 set_disk_ro(dm_disk(dm_table_get_md(ti->table)), 0);
629
630 err = dm_linear_ctr(ti, DM_LINEAR_ARGS, linear_table_args);
631
632 if (!err) {
633 DMINFO("Added android-verity as a linear target");
634 target_added = true;
635 } else
636 DMERR("Failed to add android-verity as linear target");
637
638 return err;
639 }
640
create_linear_device(struct dm_target * ti,dev_t dev,char * target_device)641 static int create_linear_device(struct dm_target *ti, dev_t dev,
642 char *target_device)
643 {
644 u64 device_size = 0;
645 int err = find_size(dev, &device_size);
646
647 if (err) {
648 DMERR("error finding bdev size");
649 handle_error();
650 return err;
651 }
652
653 ti->len = device_size;
654 err = add_as_linear_device(ti, target_device);
655 if (err) {
656 handle_error();
657 return err;
658 }
659 verity_enabled = false;
660 return 0;
661 }
662
663 /*
664 * Target parameters:
665 * <key id> Key id of the public key in the system keyring.
666 * Verity metadata's signature would be verified against
667 * this. If the key id contains spaces, replace them
668 * with '#'.
669 * <block device> The block device for which dm-verity is being setup.
670 */
android_verity_ctr(struct dm_target * ti,unsigned argc,char ** argv)671 static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
672 {
673 dev_t uninitialized_var(dev);
674 struct android_metadata *metadata = NULL;
675 int err = 0, i, mode;
676 char *key_id = NULL, *table_ptr, dummy, *target_device;
677 char *verity_table_args[VERITY_TABLE_ARGS + 2 + VERITY_TABLE_OPT_FEC_ARGS];
678 /* One for specifying number of opt args and one for mode */
679 sector_t data_sectors;
680 u32 data_block_size;
681 unsigned int no_of_args = VERITY_TABLE_ARGS + 2 + VERITY_TABLE_OPT_FEC_ARGS;
682 struct fec_header uninitialized_var(fec);
683 struct fec_ecc_metadata uninitialized_var(ecc);
684 char buf[FEC_ARG_LENGTH], *buf_ptr;
685 unsigned long long tmpll;
686
687 if (argc == 1) {
688 /* Use the default keyid */
689 if (default_verity_key_id())
690 key_id = veritykeyid;
691 else if (!is_eng()) {
692 DMERR("veritykeyid= is not set");
693 handle_error();
694 return -EINVAL;
695 }
696 target_device = argv[0];
697 } else if (argc == 2) {
698 key_id = argv[0];
699 target_device = argv[1];
700 } else {
701 DMERR("Incorrect number of arguments");
702 handle_error();
703 return -EINVAL;
704 }
705
706 dev = name_to_dev_t(target_device);
707 if (!dev) {
708 DMERR("no dev found for %s", target_device);
709 handle_error();
710 return -EINVAL;
711 }
712
713 if (is_eng())
714 return create_linear_device(ti, dev, target_device);
715
716 strreplace(key_id, '#', ' ');
717
718 DMINFO("key:%s dev:%s", key_id, target_device);
719
720 if (extract_fec_header(dev, &fec, &ecc)) {
721 DMERR("Error while extracting fec header");
722 handle_error();
723 return -EINVAL;
724 }
725
726 err = extract_metadata(dev, &fec, &metadata, &verity_enabled);
727
728 if (err) {
729 /* Allow invalid metadata when the device is unlocked */
730 if (is_unlocked()) {
731 DMWARN("Allow invalid metadata when unlocked");
732 return create_linear_device(ti, dev, target_device);
733 }
734 DMERR("Error while extracting metadata");
735 handle_error();
736 goto free_metadata;
737 }
738
739 if (verity_enabled) {
740 err = verify_verity_signature(key_id, metadata);
741
742 if (err) {
743 DMERR("Signature verification failed");
744 handle_error();
745 goto free_metadata;
746 } else
747 DMINFO("Signature verification success");
748 }
749
750 table_ptr = metadata->verity_table;
751
752 for (i = 0; i < VERITY_TABLE_ARGS; i++) {
753 verity_table_args[i] = strsep(&table_ptr, " ");
754 if (verity_table_args[i] == NULL)
755 break;
756 }
757
758 if (i != VERITY_TABLE_ARGS) {
759 DMERR("Verity table not in the expected format");
760 err = -EINVAL;
761 handle_error();
762 goto free_metadata;
763 }
764
765 if (sscanf(verity_table_args[5], "%llu%c", &tmpll, &dummy)
766 != 1) {
767 DMERR("Verity table not in the expected format");
768 handle_error();
769 err = -EINVAL;
770 goto free_metadata;
771 }
772
773 if (tmpll > ULONG_MAX) {
774 DMERR("<num_data_blocks> too large. Forgot to turn on CONFIG_LBDAF?");
775 handle_error();
776 err = -EINVAL;
777 goto free_metadata;
778 }
779
780 data_sectors = tmpll;
781
782 if (sscanf(verity_table_args[3], "%u%c", &data_block_size, &dummy)
783 != 1) {
784 DMERR("Verity table not in the expected format");
785 handle_error();
786 err = -EINVAL;
787 goto free_metadata;
788 }
789
790 if (test_mult_overflow(data_sectors, data_block_size >>
791 SECTOR_SHIFT)) {
792 DMERR("data_sectors too large");
793 handle_error();
794 err = -EOVERFLOW;
795 goto free_metadata;
796 }
797
798 data_sectors *= data_block_size >> SECTOR_SHIFT;
799 DMINFO("Data sectors %llu", (unsigned long long)data_sectors);
800
801 /* update target length */
802 ti->len = data_sectors;
803
804 /* Setup linear target and free */
805 if (!verity_enabled) {
806 err = add_as_linear_device(ti, target_device);
807 goto free_metadata;
808 }
809
810 /*substitute data_dev and hash_dev*/
811 verity_table_args[1] = target_device;
812 verity_table_args[2] = target_device;
813
814 mode = verity_mode();
815
816 if (ecc.valid && IS_BUILTIN(CONFIG_DM_VERITY_FEC)) {
817 if (mode) {
818 err = snprintf(buf, FEC_ARG_LENGTH,
819 "%u %s " VERITY_TABLE_OPT_FEC_FORMAT,
820 1 + VERITY_TABLE_OPT_FEC_ARGS,
821 mode == DM_VERITY_MODE_RESTART ?
822 VERITY_TABLE_OPT_RESTART :
823 VERITY_TABLE_OPT_LOGGING,
824 target_device,
825 ecc.start / FEC_BLOCK_SIZE, ecc.blocks,
826 ecc.roots);
827 } else {
828 err = snprintf(buf, FEC_ARG_LENGTH,
829 "%u " VERITY_TABLE_OPT_FEC_FORMAT,
830 VERITY_TABLE_OPT_FEC_ARGS, target_device,
831 ecc.start / FEC_BLOCK_SIZE, ecc.blocks,
832 ecc.roots);
833 }
834 } else if (mode) {
835 err = snprintf(buf, FEC_ARG_LENGTH,
836 "2 " VERITY_TABLE_OPT_IGNZERO " %s",
837 mode == DM_VERITY_MODE_RESTART ?
838 VERITY_TABLE_OPT_RESTART : VERITY_TABLE_OPT_LOGGING);
839 } else {
840 err = snprintf(buf, FEC_ARG_LENGTH, "1 %s",
841 "ignore_zero_blocks");
842 }
843
844 if (err < 0 || err >= FEC_ARG_LENGTH)
845 goto free_metadata;
846
847 buf_ptr = buf;
848
849 for (i = VERITY_TABLE_ARGS; i < (VERITY_TABLE_ARGS +
850 VERITY_TABLE_OPT_FEC_ARGS + 2); i++) {
851 verity_table_args[i] = strsep(&buf_ptr, " ");
852 if (verity_table_args[i] == NULL) {
853 no_of_args = i;
854 break;
855 }
856 }
857
858 err = verity_ctr(ti, no_of_args, verity_table_args);
859 if (err) {
860 DMERR("android-verity failed to create a verity target");
861 } else {
862 target_added = true;
863 DMINFO("android-verity created as verity target");
864 }
865
866 free_metadata:
867 if (metadata) {
868 kfree(metadata->header);
869 kfree(metadata->verity_table);
870 }
871 kfree(metadata);
872 return err;
873 }
874
dm_android_verity_init(void)875 static int __init dm_android_verity_init(void)
876 {
877 int r;
878 struct dentry *file;
879
880 r = dm_register_target(&android_verity_target);
881 if (r < 0)
882 DMERR("register failed %d", r);
883
884 /* Tracks the status of the last added target */
885 debug_dir = debugfs_create_dir("android_verity", NULL);
886
887 if (IS_ERR_OR_NULL(debug_dir)) {
888 DMERR("Cannot create android_verity debugfs directory: %ld",
889 PTR_ERR(debug_dir));
890 goto end;
891 }
892
893 file = debugfs_create_bool("target_added", S_IRUGO, debug_dir,
894 &target_added);
895
896 if (IS_ERR_OR_NULL(file)) {
897 DMERR("Cannot create android_verity debugfs directory: %ld",
898 PTR_ERR(debug_dir));
899 debugfs_remove_recursive(debug_dir);
900 goto end;
901 }
902
903 file = debugfs_create_bool("verity_enabled", S_IRUGO, debug_dir,
904 &verity_enabled);
905
906 if (IS_ERR_OR_NULL(file)) {
907 DMERR("Cannot create android_verity debugfs directory: %ld",
908 PTR_ERR(debug_dir));
909 debugfs_remove_recursive(debug_dir);
910 }
911
912 end:
913 return r;
914 }
915
dm_android_verity_exit(void)916 static void __exit dm_android_verity_exit(void)
917 {
918 if (!IS_ERR_OR_NULL(debug_dir))
919 debugfs_remove_recursive(debug_dir);
920
921 dm_unregister_target(&android_verity_target);
922 }
923
924 module_init(dm_android_verity_init);
925 module_exit(dm_android_verity_exit);
926