Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2015 Google, Inc. |
| 3 | * |
| 4 | * Author: Sami Tolvanen <samitolvanen@google.com> |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify it |
| 7 | * under the terms of the GNU General Public License as published by the Free |
| 8 | * Software Foundation; either version 2 of the License, or (at your option) |
| 9 | * any later version. |
| 10 | */ |
| 11 | |
| 12 | #include "dm-verity-fec.h" |
| 13 | #include <linux/math64.h> |
Sami Tolvanen | dc99440 | 2016-03-30 14:10:13 -0700 | [diff] [blame] | 14 | #include <linux/sysfs.h> |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 15 | |
| 16 | #define DM_MSG_PREFIX "verity-fec" |
| 17 | |
| 18 | /* |
| 19 | * If error correction has been configured, returns true. |
| 20 | */ |
| 21 | bool verity_fec_is_enabled(struct dm_verity *v) |
| 22 | { |
| 23 | return v->fec && v->fec->dev; |
| 24 | } |
| 25 | |
| 26 | /* |
| 27 | * Return a pointer to dm_verity_fec_io after dm_verity_io and its variable |
| 28 | * length fields. |
| 29 | */ |
| 30 | static inline struct dm_verity_fec_io *fec_io(struct dm_verity_io *io) |
| 31 | { |
| 32 | return (struct dm_verity_fec_io *) verity_io_digest_end(io->v, io); |
| 33 | } |
| 34 | |
| 35 | /* |
| 36 | * Return an interleaved offset for a byte in RS block. |
| 37 | */ |
| 38 | static inline u64 fec_interleave(struct dm_verity *v, u64 offset) |
| 39 | { |
| 40 | u32 mod; |
| 41 | |
| 42 | mod = do_div(offset, v->fec->rsn); |
| 43 | return offset + mod * (v->fec->rounds << v->data_dev_block_bits); |
| 44 | } |
| 45 | |
| 46 | /* |
| 47 | * Decode an RS block using Reed-Solomon. |
| 48 | */ |
| 49 | static int fec_decode_rs8(struct dm_verity *v, struct dm_verity_fec_io *fio, |
| 50 | u8 *data, u8 *fec, int neras) |
| 51 | { |
| 52 | int i; |
| 53 | uint16_t par[DM_VERITY_FEC_RSM - DM_VERITY_FEC_MIN_RSN]; |
| 54 | |
| 55 | for (i = 0; i < v->fec->roots; i++) |
| 56 | par[i] = fec[i]; |
| 57 | |
| 58 | return decode_rs8(fio->rs, data, par, v->fec->rsn, NULL, neras, |
| 59 | fio->erasures, 0, NULL); |
| 60 | } |
| 61 | |
| 62 | /* |
| 63 | * Read error-correcting codes for the requested RS block. Returns a pointer |
| 64 | * to the data block. Caller is responsible for releasing buf. |
| 65 | */ |
| 66 | static u8 *fec_read_parity(struct dm_verity *v, u64 rsb, int index, |
| 67 | unsigned *offset, struct dm_buffer **buf) |
| 68 | { |
| 69 | u64 position, block; |
| 70 | u8 *res; |
| 71 | |
| 72 | position = (index + rsb) * v->fec->roots; |
| 73 | block = position >> v->data_dev_block_bits; |
| 74 | *offset = (unsigned)(position - (block << v->data_dev_block_bits)); |
| 75 | |
| 76 | res = dm_bufio_read(v->fec->bufio, v->fec->start + block, buf); |
| 77 | if (unlikely(IS_ERR(res))) { |
| 78 | DMERR("%s: FEC %llu: parity read failed (block %llu): %ld", |
| 79 | v->data_dev->name, (unsigned long long)rsb, |
| 80 | (unsigned long long)(v->fec->start + block), |
| 81 | PTR_ERR(res)); |
| 82 | *buf = NULL; |
| 83 | } |
| 84 | |
| 85 | return res; |
| 86 | } |
| 87 | |
| 88 | /* Loop over each preallocated buffer slot. */ |
| 89 | #define fec_for_each_prealloc_buffer(__i) \ |
| 90 | for (__i = 0; __i < DM_VERITY_FEC_BUF_PREALLOC; __i++) |
| 91 | |
| 92 | /* Loop over each extra buffer slot. */ |
| 93 | #define fec_for_each_extra_buffer(io, __i) \ |
| 94 | for (__i = DM_VERITY_FEC_BUF_PREALLOC; __i < DM_VERITY_FEC_BUF_MAX; __i++) |
| 95 | |
| 96 | /* Loop over each allocated buffer. */ |
| 97 | #define fec_for_each_buffer(io, __i) \ |
| 98 | for (__i = 0; __i < (io)->nbufs; __i++) |
| 99 | |
| 100 | /* Loop over each RS block in each allocated buffer. */ |
| 101 | #define fec_for_each_buffer_rs_block(io, __i, __j) \ |
| 102 | fec_for_each_buffer(io, __i) \ |
| 103 | for (__j = 0; __j < 1 << DM_VERITY_FEC_BUF_RS_BITS; __j++) |
| 104 | |
| 105 | /* |
| 106 | * Return a pointer to the current RS block when called inside |
| 107 | * fec_for_each_buffer_rs_block. |
| 108 | */ |
| 109 | static inline u8 *fec_buffer_rs_block(struct dm_verity *v, |
| 110 | struct dm_verity_fec_io *fio, |
| 111 | unsigned i, unsigned j) |
| 112 | { |
| 113 | return &fio->bufs[i][j * v->fec->rsn]; |
| 114 | } |
| 115 | |
| 116 | /* |
| 117 | * Return an index to the current RS block when called inside |
| 118 | * fec_for_each_buffer_rs_block. |
| 119 | */ |
| 120 | static inline unsigned fec_buffer_rs_index(unsigned i, unsigned j) |
| 121 | { |
| 122 | return (i << DM_VERITY_FEC_BUF_RS_BITS) + j; |
| 123 | } |
| 124 | |
| 125 | /* |
| 126 | * Decode all RS blocks from buffers and copy corrected bytes into fio->output |
| 127 | * starting from block_offset. |
| 128 | */ |
| 129 | static int fec_decode_bufs(struct dm_verity *v, struct dm_verity_fec_io *fio, |
| 130 | u64 rsb, int byte_index, unsigned block_offset, |
| 131 | int neras) |
| 132 | { |
| 133 | int r, corrected = 0, res; |
| 134 | struct dm_buffer *buf; |
| 135 | unsigned n, i, offset; |
| 136 | u8 *par, *block; |
| 137 | |
| 138 | par = fec_read_parity(v, rsb, block_offset, &offset, &buf); |
| 139 | if (IS_ERR(par)) |
| 140 | return PTR_ERR(par); |
| 141 | |
| 142 | /* |
| 143 | * Decode the RS blocks we have in bufs. Each RS block results in |
| 144 | * one corrected target byte and consumes fec->roots parity bytes. |
| 145 | */ |
| 146 | fec_for_each_buffer_rs_block(fio, n, i) { |
| 147 | block = fec_buffer_rs_block(v, fio, n, i); |
| 148 | res = fec_decode_rs8(v, fio, block, &par[offset], neras); |
| 149 | if (res < 0) { |
| 150 | dm_bufio_release(buf); |
| 151 | |
| 152 | r = res; |
| 153 | goto error; |
| 154 | } |
| 155 | |
| 156 | corrected += res; |
| 157 | fio->output[block_offset] = block[byte_index]; |
| 158 | |
| 159 | block_offset++; |
| 160 | if (block_offset >= 1 << v->data_dev_block_bits) |
| 161 | goto done; |
| 162 | |
| 163 | /* read the next block when we run out of parity bytes */ |
| 164 | offset += v->fec->roots; |
| 165 | if (offset >= 1 << v->data_dev_block_bits) { |
| 166 | dm_bufio_release(buf); |
| 167 | |
| 168 | par = fec_read_parity(v, rsb, block_offset, &offset, &buf); |
| 169 | if (unlikely(IS_ERR(par))) |
| 170 | return PTR_ERR(par); |
| 171 | } |
| 172 | } |
| 173 | done: |
| 174 | r = corrected; |
| 175 | error: |
| 176 | if (r < 0 && neras) |
| 177 | DMERR_LIMIT("%s: FEC %llu: failed to correct: %d", |
| 178 | v->data_dev->name, (unsigned long long)rsb, r); |
Sami Tolvanen | dc99440 | 2016-03-30 14:10:13 -0700 | [diff] [blame] | 179 | else if (r > 0) { |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 180 | DMWARN_LIMIT("%s: FEC %llu: corrected %d errors", |
| 181 | v->data_dev->name, (unsigned long long)rsb, r); |
Sami Tolvanen | dc99440 | 2016-03-30 14:10:13 -0700 | [diff] [blame] | 182 | atomic_add_unless(&v->fec->corrected, 1, INT_MAX); |
| 183 | } |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 184 | |
| 185 | return r; |
| 186 | } |
| 187 | |
| 188 | /* |
| 189 | * Locate data block erasures using verity hashes. |
| 190 | */ |
| 191 | static int fec_is_erasure(struct dm_verity *v, struct dm_verity_io *io, |
| 192 | u8 *want_digest, u8 *data) |
| 193 | { |
| 194 | if (unlikely(verity_hash(v, verity_io_hash_desc(v, io), |
| 195 | data, 1 << v->data_dev_block_bits, |
| 196 | verity_io_real_digest(v, io)))) |
| 197 | return 0; |
| 198 | |
| 199 | return memcmp(verity_io_real_digest(v, io), want_digest, |
| 200 | v->digest_size) != 0; |
| 201 | } |
| 202 | |
| 203 | /* |
| 204 | * Read data blocks that are part of the RS block and deinterleave as much as |
| 205 | * fits into buffers. Check for erasure locations if @neras is non-NULL. |
| 206 | */ |
| 207 | static int fec_read_bufs(struct dm_verity *v, struct dm_verity_io *io, |
| 208 | u64 rsb, u64 target, unsigned block_offset, |
| 209 | int *neras) |
| 210 | { |
Sami Tolvanen | 0cc37c2 | 2015-12-03 14:26:31 +0000 | [diff] [blame] | 211 | bool is_zero; |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 212 | int i, j, target_index = -1; |
| 213 | struct dm_buffer *buf; |
| 214 | struct dm_bufio_client *bufio; |
| 215 | struct dm_verity_fec_io *fio = fec_io(io); |
| 216 | u64 block, ileaved; |
| 217 | u8 *bbuf, *rs_block; |
| 218 | u8 want_digest[v->digest_size]; |
| 219 | unsigned n, k; |
| 220 | |
| 221 | if (neras) |
| 222 | *neras = 0; |
| 223 | |
| 224 | /* |
| 225 | * read each of the rsn data blocks that are part of the RS block, and |
| 226 | * interleave contents to available bufs |
| 227 | */ |
| 228 | for (i = 0; i < v->fec->rsn; i++) { |
| 229 | ileaved = fec_interleave(v, rsb * v->fec->rsn + i); |
| 230 | |
| 231 | /* |
| 232 | * target is the data block we want to correct, target_index is |
| 233 | * the index of this block within the rsn RS blocks |
| 234 | */ |
| 235 | if (ileaved == target) |
| 236 | target_index = i; |
| 237 | |
| 238 | block = ileaved >> v->data_dev_block_bits; |
| 239 | bufio = v->fec->data_bufio; |
| 240 | |
| 241 | if (block >= v->data_blocks) { |
| 242 | block -= v->data_blocks; |
| 243 | |
| 244 | /* |
| 245 | * blocks outside the area were assumed to contain |
| 246 | * zeros when encoding data was generated |
| 247 | */ |
| 248 | if (unlikely(block >= v->fec->hash_blocks)) |
| 249 | continue; |
| 250 | |
| 251 | block += v->hash_start; |
| 252 | bufio = v->bufio; |
| 253 | } |
| 254 | |
| 255 | bbuf = dm_bufio_read(bufio, block, &buf); |
| 256 | if (unlikely(IS_ERR(bbuf))) { |
| 257 | DMWARN_LIMIT("%s: FEC %llu: read failed (%llu): %ld", |
| 258 | v->data_dev->name, |
| 259 | (unsigned long long)rsb, |
| 260 | (unsigned long long)block, PTR_ERR(bbuf)); |
| 261 | |
| 262 | /* assume the block is corrupted */ |
| 263 | if (neras && *neras <= v->fec->roots) |
| 264 | fio->erasures[(*neras)++] = i; |
| 265 | |
| 266 | continue; |
| 267 | } |
| 268 | |
| 269 | /* locate erasures if the block is on the data device */ |
| 270 | if (bufio == v->fec->data_bufio && |
Sami Tolvanen | 0cc37c2 | 2015-12-03 14:26:31 +0000 | [diff] [blame] | 271 | verity_hash_for_block(v, io, block, want_digest, |
| 272 | &is_zero) == 0) { |
| 273 | /* skip known zero blocks entirely */ |
| 274 | if (is_zero) |
| 275 | continue; |
| 276 | |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 277 | /* |
| 278 | * skip if we have already found the theoretical |
| 279 | * maximum number (i.e. fec->roots) of erasures |
| 280 | */ |
| 281 | if (neras && *neras <= v->fec->roots && |
| 282 | fec_is_erasure(v, io, want_digest, bbuf)) |
| 283 | fio->erasures[(*neras)++] = i; |
| 284 | } |
| 285 | |
| 286 | /* |
| 287 | * deinterleave and copy the bytes that fit into bufs, |
| 288 | * starting from block_offset |
| 289 | */ |
| 290 | fec_for_each_buffer_rs_block(fio, n, j) { |
| 291 | k = fec_buffer_rs_index(n, j) + block_offset; |
| 292 | |
| 293 | if (k >= 1 << v->data_dev_block_bits) |
| 294 | goto done; |
| 295 | |
| 296 | rs_block = fec_buffer_rs_block(v, fio, n, j); |
| 297 | rs_block[i] = bbuf[k]; |
| 298 | } |
| 299 | done: |
| 300 | dm_bufio_release(buf); |
| 301 | } |
| 302 | |
| 303 | return target_index; |
| 304 | } |
| 305 | |
| 306 | /* |
| 307 | * Allocate RS control structure and FEC buffers from preallocated mempools, |
| 308 | * and attempt to allocate as many extra buffers as available. |
| 309 | */ |
| 310 | static int fec_alloc_bufs(struct dm_verity *v, struct dm_verity_fec_io *fio) |
| 311 | { |
| 312 | unsigned n; |
| 313 | |
| 314 | if (!fio->rs) { |
| 315 | fio->rs = mempool_alloc(v->fec->rs_pool, 0); |
| 316 | if (unlikely(!fio->rs)) { |
| 317 | DMERR("failed to allocate RS"); |
| 318 | return -ENOMEM; |
| 319 | } |
| 320 | } |
| 321 | |
| 322 | fec_for_each_prealloc_buffer(n) { |
| 323 | if (fio->bufs[n]) |
| 324 | continue; |
| 325 | |
| 326 | fio->bufs[n] = mempool_alloc(v->fec->prealloc_pool, GFP_NOIO); |
| 327 | if (unlikely(!fio->bufs[n])) { |
| 328 | DMERR("failed to allocate FEC buffer"); |
| 329 | return -ENOMEM; |
| 330 | } |
| 331 | } |
| 332 | |
| 333 | /* try to allocate the maximum number of buffers */ |
| 334 | fec_for_each_extra_buffer(fio, n) { |
| 335 | if (fio->bufs[n]) |
| 336 | continue; |
| 337 | |
| 338 | fio->bufs[n] = mempool_alloc(v->fec->extra_pool, GFP_NOIO); |
| 339 | /* we can manage with even one buffer if necessary */ |
| 340 | if (unlikely(!fio->bufs[n])) |
| 341 | break; |
| 342 | } |
| 343 | fio->nbufs = n; |
| 344 | |
| 345 | if (!fio->output) { |
| 346 | fio->output = mempool_alloc(v->fec->output_pool, GFP_NOIO); |
| 347 | |
| 348 | if (!fio->output) { |
| 349 | DMERR("failed to allocate FEC page"); |
| 350 | return -ENOMEM; |
| 351 | } |
| 352 | } |
| 353 | |
| 354 | return 0; |
| 355 | } |
| 356 | |
| 357 | /* |
| 358 | * Initialize buffers and clear erasures. fec_read_bufs() assumes buffers are |
| 359 | * zeroed before deinterleaving. |
| 360 | */ |
| 361 | static void fec_init_bufs(struct dm_verity *v, struct dm_verity_fec_io *fio) |
| 362 | { |
| 363 | unsigned n; |
| 364 | |
| 365 | fec_for_each_buffer(fio, n) |
| 366 | memset(fio->bufs[n], 0, v->fec->rsn << DM_VERITY_FEC_BUF_RS_BITS); |
| 367 | |
| 368 | memset(fio->erasures, 0, sizeof(fio->erasures)); |
| 369 | } |
| 370 | |
| 371 | /* |
| 372 | * Decode all RS blocks in a single data block and return the target block |
| 373 | * (indicated by @offset) in fio->output. If @use_erasures is non-zero, uses |
| 374 | * hashes to locate erasures. |
| 375 | */ |
| 376 | static int fec_decode_rsb(struct dm_verity *v, struct dm_verity_io *io, |
| 377 | struct dm_verity_fec_io *fio, u64 rsb, u64 offset, |
| 378 | bool use_erasures) |
| 379 | { |
| 380 | int r, neras = 0; |
| 381 | unsigned pos; |
| 382 | |
| 383 | r = fec_alloc_bufs(v, fio); |
| 384 | if (unlikely(r < 0)) |
| 385 | return r; |
| 386 | |
| 387 | for (pos = 0; pos < 1 << v->data_dev_block_bits; ) { |
| 388 | fec_init_bufs(v, fio); |
| 389 | |
| 390 | r = fec_read_bufs(v, io, rsb, offset, pos, |
| 391 | use_erasures ? &neras : NULL); |
| 392 | if (unlikely(r < 0)) |
| 393 | return r; |
| 394 | |
| 395 | r = fec_decode_bufs(v, fio, rsb, r, pos, neras); |
| 396 | if (r < 0) |
| 397 | return r; |
| 398 | |
| 399 | pos += fio->nbufs << DM_VERITY_FEC_BUF_RS_BITS; |
| 400 | } |
| 401 | |
| 402 | /* Always re-validate the corrected block against the expected hash */ |
| 403 | r = verity_hash(v, verity_io_hash_desc(v, io), fio->output, |
| 404 | 1 << v->data_dev_block_bits, |
| 405 | verity_io_real_digest(v, io)); |
| 406 | if (unlikely(r < 0)) |
| 407 | return r; |
| 408 | |
| 409 | if (memcmp(verity_io_real_digest(v, io), verity_io_want_digest(v, io), |
| 410 | v->digest_size)) { |
| 411 | DMERR_LIMIT("%s: FEC %llu: failed to correct (%d erasures)", |
| 412 | v->data_dev->name, (unsigned long long)rsb, neras); |
| 413 | return -EILSEQ; |
| 414 | } |
| 415 | |
| 416 | return 0; |
| 417 | } |
| 418 | |
| 419 | static int fec_bv_copy(struct dm_verity *v, struct dm_verity_io *io, u8 *data, |
| 420 | size_t len) |
| 421 | { |
| 422 | struct dm_verity_fec_io *fio = fec_io(io); |
| 423 | |
| 424 | memcpy(data, &fio->output[fio->output_pos], len); |
| 425 | fio->output_pos += len; |
| 426 | |
| 427 | return 0; |
| 428 | } |
| 429 | |
| 430 | /* |
| 431 | * Correct errors in a block. Copies corrected block to dest if non-NULL, |
| 432 | * otherwise to a bio_vec starting from iter. |
| 433 | */ |
| 434 | int verity_fec_decode(struct dm_verity *v, struct dm_verity_io *io, |
| 435 | enum verity_block_type type, sector_t block, u8 *dest, |
| 436 | struct bvec_iter *iter) |
| 437 | { |
| 438 | int r; |
| 439 | struct dm_verity_fec_io *fio = fec_io(io); |
| 440 | u64 offset, res, rsb; |
| 441 | |
| 442 | if (!verity_fec_is_enabled(v)) |
| 443 | return -EOPNOTSUPP; |
| 444 | |
Sami Tolvanen | 4902970 | 2016-06-03 14:06:14 -0700 | [diff] [blame^] | 445 | if (fio->level >= DM_VERITY_FEC_MAX_RECURSION) { |
| 446 | DMWARN_LIMIT("%s: FEC: recursion too deep", v->data_dev->name); |
| 447 | return -EIO; |
| 448 | } |
| 449 | |
| 450 | fio->level++; |
| 451 | |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 452 | if (type == DM_VERITY_BLOCK_TYPE_METADATA) |
| 453 | block += v->data_blocks; |
| 454 | |
| 455 | /* |
| 456 | * For RS(M, N), the continuous FEC data is divided into blocks of N |
| 457 | * bytes. Since block size may not be divisible by N, the last block |
| 458 | * is zero padded when decoding. |
| 459 | * |
| 460 | * Each byte of the block is covered by a different RS(M, N) code, |
| 461 | * and each code is interleaved over N blocks to make it less likely |
| 462 | * that bursty corruption will leave us in unrecoverable state. |
| 463 | */ |
| 464 | |
| 465 | offset = block << v->data_dev_block_bits; |
Sami Tolvanen | 602d165 | 2016-06-21 11:02:42 -0700 | [diff] [blame] | 466 | res = div64_u64(offset, v->fec->rounds << v->data_dev_block_bits); |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 467 | |
| 468 | /* |
| 469 | * The base RS block we can feed to the interleaver to find out all |
| 470 | * blocks required for decoding. |
| 471 | */ |
| 472 | rsb = offset - res * (v->fec->rounds << v->data_dev_block_bits); |
| 473 | |
| 474 | /* |
| 475 | * Locating erasures is slow, so attempt to recover the block without |
| 476 | * them first. Do a second attempt with erasures if the corruption is |
| 477 | * bad enough. |
| 478 | */ |
| 479 | r = fec_decode_rsb(v, io, fio, rsb, offset, false); |
| 480 | if (r < 0) { |
| 481 | r = fec_decode_rsb(v, io, fio, rsb, offset, true); |
| 482 | if (r < 0) |
Sami Tolvanen | 4902970 | 2016-06-03 14:06:14 -0700 | [diff] [blame^] | 483 | goto done; |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 484 | } |
| 485 | |
| 486 | if (dest) |
| 487 | memcpy(dest, fio->output, 1 << v->data_dev_block_bits); |
| 488 | else if (iter) { |
| 489 | fio->output_pos = 0; |
| 490 | r = verity_for_bv_block(v, io, iter, fec_bv_copy); |
| 491 | } |
| 492 | |
Sami Tolvanen | 4902970 | 2016-06-03 14:06:14 -0700 | [diff] [blame^] | 493 | done: |
| 494 | fio->level--; |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 495 | return r; |
| 496 | } |
| 497 | |
| 498 | /* |
| 499 | * Clean up per-bio data. |
| 500 | */ |
| 501 | void verity_fec_finish_io(struct dm_verity_io *io) |
| 502 | { |
| 503 | unsigned n; |
| 504 | struct dm_verity_fec *f = io->v->fec; |
| 505 | struct dm_verity_fec_io *fio = fec_io(io); |
| 506 | |
| 507 | if (!verity_fec_is_enabled(io->v)) |
| 508 | return; |
| 509 | |
| 510 | mempool_free(fio->rs, f->rs_pool); |
| 511 | |
| 512 | fec_for_each_prealloc_buffer(n) |
| 513 | mempool_free(fio->bufs[n], f->prealloc_pool); |
| 514 | |
| 515 | fec_for_each_extra_buffer(fio, n) |
| 516 | mempool_free(fio->bufs[n], f->extra_pool); |
| 517 | |
| 518 | mempool_free(fio->output, f->output_pool); |
| 519 | } |
| 520 | |
| 521 | /* |
| 522 | * Initialize per-bio data. |
| 523 | */ |
| 524 | void verity_fec_init_io(struct dm_verity_io *io) |
| 525 | { |
| 526 | struct dm_verity_fec_io *fio = fec_io(io); |
| 527 | |
| 528 | if (!verity_fec_is_enabled(io->v)) |
| 529 | return; |
| 530 | |
| 531 | fio->rs = NULL; |
| 532 | memset(fio->bufs, 0, sizeof(fio->bufs)); |
| 533 | fio->nbufs = 0; |
| 534 | fio->output = NULL; |
| 535 | } |
| 536 | |
| 537 | /* |
| 538 | * Append feature arguments and values to the status table. |
| 539 | */ |
| 540 | unsigned verity_fec_status_table(struct dm_verity *v, unsigned sz, |
| 541 | char *result, unsigned maxlen) |
| 542 | { |
| 543 | if (!verity_fec_is_enabled(v)) |
| 544 | return sz; |
| 545 | |
| 546 | DMEMIT(" " DM_VERITY_OPT_FEC_DEV " %s " |
| 547 | DM_VERITY_OPT_FEC_BLOCKS " %llu " |
| 548 | DM_VERITY_OPT_FEC_START " %llu " |
| 549 | DM_VERITY_OPT_FEC_ROOTS " %d", |
| 550 | v->fec->dev->name, |
| 551 | (unsigned long long)v->fec->blocks, |
| 552 | (unsigned long long)v->fec->start, |
| 553 | v->fec->roots); |
| 554 | |
| 555 | return sz; |
| 556 | } |
| 557 | |
| 558 | void verity_fec_dtr(struct dm_verity *v) |
| 559 | { |
| 560 | struct dm_verity_fec *f = v->fec; |
Sami Tolvanen | dc99440 | 2016-03-30 14:10:13 -0700 | [diff] [blame] | 561 | struct kobject *kobj = &f->kobj_holder.kobj; |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 562 | |
| 563 | if (!verity_fec_is_enabled(v)) |
| 564 | goto out; |
| 565 | |
| 566 | mempool_destroy(f->rs_pool); |
| 567 | mempool_destroy(f->prealloc_pool); |
| 568 | mempool_destroy(f->extra_pool); |
| 569 | kmem_cache_destroy(f->cache); |
| 570 | |
| 571 | if (f->data_bufio) |
| 572 | dm_bufio_client_destroy(f->data_bufio); |
| 573 | if (f->bufio) |
| 574 | dm_bufio_client_destroy(f->bufio); |
| 575 | |
| 576 | if (f->dev) |
| 577 | dm_put_device(v->ti, f->dev); |
Sami Tolvanen | dc99440 | 2016-03-30 14:10:13 -0700 | [diff] [blame] | 578 | |
| 579 | if (kobj->state_initialized) { |
| 580 | kobject_put(kobj); |
| 581 | wait_for_completion(dm_get_completion_from_kobject(kobj)); |
| 582 | } |
| 583 | |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 584 | out: |
| 585 | kfree(f); |
| 586 | v->fec = NULL; |
| 587 | } |
| 588 | |
| 589 | static void *fec_rs_alloc(gfp_t gfp_mask, void *pool_data) |
| 590 | { |
| 591 | struct dm_verity *v = (struct dm_verity *)pool_data; |
| 592 | |
| 593 | return init_rs(8, 0x11d, 0, 1, v->fec->roots); |
| 594 | } |
| 595 | |
| 596 | static void fec_rs_free(void *element, void *pool_data) |
| 597 | { |
| 598 | struct rs_control *rs = (struct rs_control *)element; |
| 599 | |
| 600 | if (rs) |
| 601 | free_rs(rs); |
| 602 | } |
| 603 | |
| 604 | bool verity_is_fec_opt_arg(const char *arg_name) |
| 605 | { |
| 606 | return (!strcasecmp(arg_name, DM_VERITY_OPT_FEC_DEV) || |
| 607 | !strcasecmp(arg_name, DM_VERITY_OPT_FEC_BLOCKS) || |
| 608 | !strcasecmp(arg_name, DM_VERITY_OPT_FEC_START) || |
| 609 | !strcasecmp(arg_name, DM_VERITY_OPT_FEC_ROOTS)); |
| 610 | } |
| 611 | |
| 612 | int verity_fec_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v, |
| 613 | unsigned *argc, const char *arg_name) |
| 614 | { |
| 615 | int r; |
| 616 | struct dm_target *ti = v->ti; |
| 617 | const char *arg_value; |
| 618 | unsigned long long num_ll; |
| 619 | unsigned char num_c; |
| 620 | char dummy; |
| 621 | |
| 622 | if (!*argc) { |
| 623 | ti->error = "FEC feature arguments require a value"; |
| 624 | return -EINVAL; |
| 625 | } |
| 626 | |
| 627 | arg_value = dm_shift_arg(as); |
| 628 | (*argc)--; |
| 629 | |
| 630 | if (!strcasecmp(arg_name, DM_VERITY_OPT_FEC_DEV)) { |
| 631 | r = dm_get_device(ti, arg_value, FMODE_READ, &v->fec->dev); |
| 632 | if (r) { |
| 633 | ti->error = "FEC device lookup failed"; |
| 634 | return r; |
| 635 | } |
| 636 | |
| 637 | } else if (!strcasecmp(arg_name, DM_VERITY_OPT_FEC_BLOCKS)) { |
| 638 | if (sscanf(arg_value, "%llu%c", &num_ll, &dummy) != 1 || |
| 639 | ((sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) |
| 640 | >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll)) { |
| 641 | ti->error = "Invalid " DM_VERITY_OPT_FEC_BLOCKS; |
| 642 | return -EINVAL; |
| 643 | } |
| 644 | v->fec->blocks = num_ll; |
| 645 | |
| 646 | } else if (!strcasecmp(arg_name, DM_VERITY_OPT_FEC_START)) { |
| 647 | if (sscanf(arg_value, "%llu%c", &num_ll, &dummy) != 1 || |
| 648 | ((sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) >> |
| 649 | (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll)) { |
| 650 | ti->error = "Invalid " DM_VERITY_OPT_FEC_START; |
| 651 | return -EINVAL; |
| 652 | } |
| 653 | v->fec->start = num_ll; |
| 654 | |
| 655 | } else if (!strcasecmp(arg_name, DM_VERITY_OPT_FEC_ROOTS)) { |
| 656 | if (sscanf(arg_value, "%hhu%c", &num_c, &dummy) != 1 || !num_c || |
| 657 | num_c < (DM_VERITY_FEC_RSM - DM_VERITY_FEC_MAX_RSN) || |
| 658 | num_c > (DM_VERITY_FEC_RSM - DM_VERITY_FEC_MIN_RSN)) { |
| 659 | ti->error = "Invalid " DM_VERITY_OPT_FEC_ROOTS; |
| 660 | return -EINVAL; |
| 661 | } |
| 662 | v->fec->roots = num_c; |
| 663 | |
| 664 | } else { |
| 665 | ti->error = "Unrecognized verity FEC feature request"; |
| 666 | return -EINVAL; |
| 667 | } |
| 668 | |
| 669 | return 0; |
| 670 | } |
| 671 | |
Sami Tolvanen | dc99440 | 2016-03-30 14:10:13 -0700 | [diff] [blame] | 672 | static ssize_t corrected_show(struct kobject *kobj, struct kobj_attribute *attr, |
| 673 | char *buf) |
| 674 | { |
| 675 | struct dm_verity_fec *f = container_of(kobj, struct dm_verity_fec, |
| 676 | kobj_holder.kobj); |
| 677 | |
| 678 | return sprintf(buf, "%d\n", atomic_read(&f->corrected)); |
| 679 | } |
| 680 | |
| 681 | static struct kobj_attribute attr_corrected = __ATTR_RO(corrected); |
| 682 | |
| 683 | static struct attribute *fec_attrs[] = { |
| 684 | &attr_corrected.attr, |
| 685 | NULL |
| 686 | }; |
| 687 | |
| 688 | static struct kobj_type fec_ktype = { |
| 689 | .sysfs_ops = &kobj_sysfs_ops, |
| 690 | .default_attrs = fec_attrs |
| 691 | }; |
| 692 | |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 693 | /* |
| 694 | * Allocate dm_verity_fec for v->fec. Must be called before verity_fec_ctr. |
| 695 | */ |
| 696 | int verity_fec_ctr_alloc(struct dm_verity *v) |
| 697 | { |
| 698 | struct dm_verity_fec *f; |
| 699 | |
| 700 | f = kzalloc(sizeof(struct dm_verity_fec), GFP_KERNEL); |
| 701 | if (!f) { |
| 702 | v->ti->error = "Cannot allocate FEC structure"; |
| 703 | return -ENOMEM; |
| 704 | } |
| 705 | v->fec = f; |
| 706 | |
| 707 | return 0; |
| 708 | } |
| 709 | |
| 710 | /* |
| 711 | * Validate arguments and preallocate memory. Must be called after arguments |
| 712 | * have been parsed using verity_fec_parse_opt_args. |
| 713 | */ |
| 714 | int verity_fec_ctr(struct dm_verity *v) |
| 715 | { |
Sami Tolvanen | dc99440 | 2016-03-30 14:10:13 -0700 | [diff] [blame] | 716 | int r; |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 717 | struct dm_verity_fec *f = v->fec; |
| 718 | struct dm_target *ti = v->ti; |
Sami Tolvanen | dc99440 | 2016-03-30 14:10:13 -0700 | [diff] [blame] | 719 | struct mapped_device *md = dm_table_get_md(ti->table); |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 720 | u64 hash_blocks; |
| 721 | |
| 722 | if (!verity_fec_is_enabled(v)) { |
| 723 | verity_fec_dtr(v); |
| 724 | return 0; |
| 725 | } |
| 726 | |
Sami Tolvanen | dc99440 | 2016-03-30 14:10:13 -0700 | [diff] [blame] | 727 | /* Create a kobject and sysfs attributes */ |
| 728 | init_completion(&f->kobj_holder.completion); |
| 729 | |
| 730 | r = kobject_init_and_add(&f->kobj_holder.kobj, &fec_ktype, |
| 731 | &disk_to_dev(dm_disk(md))->kobj, "%s", "fec"); |
| 732 | if (r) { |
| 733 | ti->error = "Cannot create kobject"; |
| 734 | return r; |
| 735 | } |
| 736 | |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 737 | /* |
| 738 | * FEC is computed over data blocks, possible metadata, and |
| 739 | * hash blocks. In other words, FEC covers total of fec_blocks |
| 740 | * blocks consisting of the following: |
| 741 | * |
| 742 | * data blocks | hash blocks | metadata (optional) |
| 743 | * |
| 744 | * We allow metadata after hash blocks to support a use case |
| 745 | * where all data is stored on the same device and FEC covers |
| 746 | * the entire area. |
| 747 | * |
| 748 | * If metadata is included, we require it to be available on the |
| 749 | * hash device after the hash blocks. |
| 750 | */ |
| 751 | |
| 752 | hash_blocks = v->hash_blocks - v->hash_start; |
| 753 | |
| 754 | /* |
| 755 | * Require matching block sizes for data and hash devices for |
| 756 | * simplicity. |
| 757 | */ |
| 758 | if (v->data_dev_block_bits != v->hash_dev_block_bits) { |
| 759 | ti->error = "Block sizes must match to use FEC"; |
| 760 | return -EINVAL; |
| 761 | } |
| 762 | |
| 763 | if (!f->roots) { |
| 764 | ti->error = "Missing " DM_VERITY_OPT_FEC_ROOTS; |
| 765 | return -EINVAL; |
| 766 | } |
| 767 | f->rsn = DM_VERITY_FEC_RSM - f->roots; |
| 768 | |
| 769 | if (!f->blocks) { |
| 770 | ti->error = "Missing " DM_VERITY_OPT_FEC_BLOCKS; |
| 771 | return -EINVAL; |
| 772 | } |
| 773 | |
| 774 | f->rounds = f->blocks; |
| 775 | if (sector_div(f->rounds, f->rsn)) |
| 776 | f->rounds++; |
| 777 | |
| 778 | /* |
| 779 | * Due to optional metadata, f->blocks can be larger than |
| 780 | * data_blocks and hash_blocks combined. |
| 781 | */ |
| 782 | if (f->blocks < v->data_blocks + hash_blocks || !f->rounds) { |
| 783 | ti->error = "Invalid " DM_VERITY_OPT_FEC_BLOCKS; |
| 784 | return -EINVAL; |
| 785 | } |
| 786 | |
| 787 | /* |
| 788 | * Metadata is accessed through the hash device, so we require |
| 789 | * it to be large enough. |
| 790 | */ |
| 791 | f->hash_blocks = f->blocks - v->data_blocks; |
| 792 | if (dm_bufio_get_device_size(v->bufio) < f->hash_blocks) { |
| 793 | ti->error = "Hash device is too small for " |
| 794 | DM_VERITY_OPT_FEC_BLOCKS; |
| 795 | return -E2BIG; |
| 796 | } |
| 797 | |
| 798 | f->bufio = dm_bufio_client_create(f->dev->bdev, |
| 799 | 1 << v->data_dev_block_bits, |
| 800 | 1, 0, NULL, NULL); |
| 801 | if (IS_ERR(f->bufio)) { |
| 802 | ti->error = "Cannot initialize FEC bufio client"; |
| 803 | return PTR_ERR(f->bufio); |
| 804 | } |
| 805 | |
| 806 | if (dm_bufio_get_device_size(f->bufio) < |
| 807 | ((f->start + f->rounds * f->roots) >> v->data_dev_block_bits)) { |
| 808 | ti->error = "FEC device is too small"; |
| 809 | return -E2BIG; |
| 810 | } |
| 811 | |
| 812 | f->data_bufio = dm_bufio_client_create(v->data_dev->bdev, |
| 813 | 1 << v->data_dev_block_bits, |
| 814 | 1, 0, NULL, NULL); |
| 815 | if (IS_ERR(f->data_bufio)) { |
| 816 | ti->error = "Cannot initialize FEC data bufio client"; |
| 817 | return PTR_ERR(f->data_bufio); |
| 818 | } |
| 819 | |
| 820 | if (dm_bufio_get_device_size(f->data_bufio) < v->data_blocks) { |
| 821 | ti->error = "Data device is too small"; |
| 822 | return -E2BIG; |
| 823 | } |
| 824 | |
| 825 | /* Preallocate an rs_control structure for each worker thread */ |
| 826 | f->rs_pool = mempool_create(num_online_cpus(), fec_rs_alloc, |
| 827 | fec_rs_free, (void *) v); |
| 828 | if (!f->rs_pool) { |
| 829 | ti->error = "Cannot allocate RS pool"; |
| 830 | return -ENOMEM; |
| 831 | } |
| 832 | |
| 833 | f->cache = kmem_cache_create("dm_verity_fec_buffers", |
| 834 | f->rsn << DM_VERITY_FEC_BUF_RS_BITS, |
| 835 | 0, 0, NULL); |
| 836 | if (!f->cache) { |
| 837 | ti->error = "Cannot create FEC buffer cache"; |
| 838 | return -ENOMEM; |
| 839 | } |
| 840 | |
| 841 | /* Preallocate DM_VERITY_FEC_BUF_PREALLOC buffers for each thread */ |
| 842 | f->prealloc_pool = mempool_create_slab_pool(num_online_cpus() * |
| 843 | DM_VERITY_FEC_BUF_PREALLOC, |
| 844 | f->cache); |
| 845 | if (!f->prealloc_pool) { |
| 846 | ti->error = "Cannot allocate FEC buffer prealloc pool"; |
| 847 | return -ENOMEM; |
| 848 | } |
| 849 | |
| 850 | f->extra_pool = mempool_create_slab_pool(0, f->cache); |
| 851 | if (!f->extra_pool) { |
| 852 | ti->error = "Cannot allocate FEC buffer extra pool"; |
| 853 | return -ENOMEM; |
| 854 | } |
| 855 | |
| 856 | /* Preallocate an output buffer for each thread */ |
| 857 | f->output_pool = mempool_create_kmalloc_pool(num_online_cpus(), |
| 858 | 1 << v->data_dev_block_bits); |
| 859 | if (!f->output_pool) { |
| 860 | ti->error = "Cannot allocate FEC output pool"; |
| 861 | return -ENOMEM; |
| 862 | } |
| 863 | |
| 864 | /* Reserve space for our per-bio data */ |
Mike Snitzer | 30187e1 | 2016-01-31 13:28:26 -0500 | [diff] [blame] | 865 | ti->per_io_data_size += sizeof(struct dm_verity_fec_io); |
Sami Tolvanen | a739ff3 | 2015-12-03 14:26:30 +0000 | [diff] [blame] | 866 | |
| 867 | return 0; |
| 868 | } |