Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / refs/tags/rel/11/fp3/8901.4.A.0016.6 / . / drivers / md / dm-verity-target.c
blob: 8f644879f277294d5b0effb6e945db54b98b5f32 [file] [log] [blame]
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1/*
2 * Copyright (C) 2012 Red Hat, Inc.
3 *
4 * Author: Mikulas Patocka <mpatocka@redhat.com>
5 *
6 * Based on Chromium dm-verity driver (C) 2011 The Chromium OS Authors
7 *
8 * This file is released under the GPLv2.
9 *
10 * In the file "/sys/module/dm_verity/parameters/prefetch_cluster" you can set
11 * default prefetch value. Data are read in "prefetch_cluster" chunks from the
12 * hash device. Setting this greatly improves performance when data and hash
13 * are on the same disk on different partitions on devices with poor random
14 * access behavior.
15 */
16
Sami Tolvanenffa39382015-12-03 16:01:51 -0500[diff] [blame]17#include "dm-verity.h"
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]18#include "dm-verity-fec.h"
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]19
Neeraj Upadhyay9677b542018-09-14 09:20:39 +0530[diff] [blame]20#include <linux/delay.h>
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]21#include <linux/module.h>
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]22#include <linux/reboot.h>
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]23#include <linux/vmalloc.h>
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]24
25#define DM_MSG_PREFIX "verity"
26
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]27#define DM_VERITY_ENV_LENGTH 42
28#define DM_VERITY_ENV_VAR_NAME "DM_VERITY_ERR_BLOCK_NR"
29
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]30#define DM_VERITY_DEFAULT_PREFETCH_SIZE 262144
31
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]32#define DM_VERITY_MAX_CORRUPTED_ERRS 100
33
Neeraj Upadhyay9677b542018-09-14 09:20:39 +0530[diff] [blame]34#define DM_VERITY_OPT_DEVICE_WAIT "device_wait"
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]35#define DM_VERITY_OPT_LOGGING "ignore_corruption"
36#define DM_VERITY_OPT_RESTART "restart_on_corruption"
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]37#define DM_VERITY_OPT_IGN_ZEROES "ignore_zero_blocks"
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]38#define DM_VERITY_OPT_AT_MOST_ONCE "check_at_most_once"
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]39
Neeraj Upadhyay9677b542018-09-14 09:20:39 +0530[diff] [blame]40#define DM_VERITY_OPTS_MAX (3 + DM_VERITY_OPTS_FEC)
Sami Tolvanen753c1fd2015-11-05 02:02:32 +0000[diff] [blame]41
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]42static unsigned dm_verity_prefetch_cluster = DM_VERITY_DEFAULT_PREFETCH_SIZE;
43
44module_param_named(prefetch_cluster, dm_verity_prefetch_cluster, uint, S_IRUGO | S_IWUSR);
45
Neeraj Upadhyay9677b542018-09-14 09:20:39 +0530[diff] [blame]46static int dm_device_wait;
47
Mikulas Patocka3b6b7812013-03-20 17:21:25 +0000[diff] [blame]48struct dm_verity_prefetch_work {
49 struct work_struct work;
50 struct dm_verity *v;
51 sector_t block;
52 unsigned n_blocks;
53};
54
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]55/*
56 * Auxiliary structure appended to each dm-bufio buffer. If the value
57 * hash_verified is nonzero, hash of the block has been verified.
58 *
59 * The variable hash_verified is set to 0 when allocating the buffer, then
60 * it can be changed to 1 and it is never reset to 0 again.
61 *
62 * There is no lock around this value, a race condition can at worst cause
63 * that multiple processes verify the hash of the same buffer simultaneously
64 * and write 1 to hash_verified simultaneously.
65 * This condition is harmless, so we don't need locking.
66 */
67struct buffer_aux {
68 int hash_verified;
69};
Hyeongseok Kimf1a09802020-12-08 22:46:49 +0530[diff] [blame]70/*
71 * While system shutdown, skip verity work for I/O error.
72 */
73static inline bool verity_is_system_shutting_down(void)
74{
75 return system_state == SYSTEM_HALT || system_state == SYSTEM_POWER_OFF
76 || system_state == SYSTEM_RESTART;
77}
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]78
79/*
80 * Initialize struct buffer_aux for a freshly created buffer.
81 */
82static void dm_bufio_alloc_callback(struct dm_buffer *buf)
83{
84 struct buffer_aux *aux = dm_bufio_get_aux_data(buf);
85
86 aux->hash_verified = 0;
87}
88
89/*
90 * Translate input sector number to the sector number on the target device.
91 */
92static sector_t verity_map_sector(struct dm_verity *v, sector_t bi_sector)
93{
94 return v->data_start + dm_target_offset(v->ti, bi_sector);
95}
96
97/*
98 * Return hash position of a specified block at a specified tree level
99 * (0 is the lowest level).
100 * The lowest "hash_per_block_bits"-bits of the result denote hash position
101 * inside a hash block. The remaining bits denote location of the hash block.
102 */
103static sector_t verity_position_at_level(struct dm_verity *v, sector_t block,
104 int level)
105{
106 return block >> (level * v->hash_per_block_bits);
107}
108
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]109/*
110 * Wrapper for crypto_shash_init, which handles verity salting.
111 */
112static int verity_hash_init(struct dm_verity *v, struct shash_desc *desc)
113{
114 int r;
115
116 desc->tfm = v->tfm;
117 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
118
119 r = crypto_shash_init(desc);
120
121 if (unlikely(r < 0)) {
122 DMERR("crypto_shash_init failed: %d", r);
123 return r;
124 }
125
126 if (likely(v->version >= 1)) {
127 r = crypto_shash_update(desc, v->salt, v->salt_size);
128
129 if (unlikely(r < 0)) {
130 DMERR("crypto_shash_update failed: %d", r);
131 return r;
132 }
133 }
134
135 return 0;
136}
137
138static int verity_hash_update(struct dm_verity *v, struct shash_desc *desc,
139 const u8 *data, size_t len)
140{
141 int r = crypto_shash_update(desc, data, len);
142
143 if (unlikely(r < 0))
144 DMERR("crypto_shash_update failed: %d", r);
145
146 return r;
147}
148
149static int verity_hash_final(struct dm_verity *v, struct shash_desc *desc,
150 u8 *digest)
151{
152 int r;
153
154 if (unlikely(!v->version)) {
155 r = crypto_shash_update(desc, v->salt, v->salt_size);
156
157 if (r < 0) {
158 DMERR("crypto_shash_update failed: %d", r);
159 return r;
160 }
161 }
162
163 r = crypto_shash_final(desc, digest);
164
165 if (unlikely(r < 0))
166 DMERR("crypto_shash_final failed: %d", r);
167
168 return r;
169}
170
Sami Tolvanenffa39382015-12-03 16:01:51 -0500[diff] [blame]171int verity_hash(struct dm_verity *v, struct shash_desc *desc,
172 const u8 *data, size_t len, u8 *digest)
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]173{
174 int r;
175
176 r = verity_hash_init(v, desc);
177 if (unlikely(r < 0))
178 return r;
179
180 r = verity_hash_update(v, desc, data, len);
181 if (unlikely(r < 0))
182 return r;
183
184 return verity_hash_final(v, desc, digest);
185}
186
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]187static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level,
188 sector_t *hash_block, unsigned *offset)
189{
190 sector_t position = verity_position_at_level(v, block, level);
191 unsigned idx;
192
193 *hash_block = v->hash_level_block[level] + (position >> v->hash_per_block_bits);
194
195 if (!offset)
196 return;
197
198 idx = position & ((1 << v->hash_per_block_bits) - 1);
199 if (!v->version)
200 *offset = idx * v->digest_size;
201 else
202 *offset = idx << (v->hash_dev_block_bits - v->hash_per_block_bits);
203}
204
205/*
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]206 * Handle verification errors.
207 */
208static int verity_handle_err(struct dm_verity *v, enum verity_block_type type,
209 unsigned long long block)
210{
211 char verity_env[DM_VERITY_ENV_LENGTH];
212 char *envp[] = { verity_env, NULL };
213 const char *type_str = "";
214 struct mapped_device *md = dm_table_get_md(v->ti->table);
215
216 /* Corruption should be visible in device status in all modes */
217 v->hash_failed = 1;
218
219 if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS)
220 goto out;
221
222 v->corrupted_errs++;
223
224 switch (type) {
225 case DM_VERITY_BLOCK_TYPE_DATA:
226 type_str = "data";
227 break;
228 case DM_VERITY_BLOCK_TYPE_METADATA:
229 type_str = "metadata";
230 break;
231 default:
232 BUG();
233 }
234
Milan Broz7357feb2019-06-20 13:00:19 +0200[diff] [blame]235 DMERR_LIMIT("%s: %s block %llu is corrupted", v->data_dev->name,
236 type_str, block);
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]237
238 if (v->corrupted_errs == DM_VERITY_MAX_CORRUPTED_ERRS)
239 DMERR("%s: reached maximum errors", v->data_dev->name);
240
241 snprintf(verity_env, DM_VERITY_ENV_LENGTH, "%s=%d,%llu",
242 DM_VERITY_ENV_VAR_NAME, type, block);
243
244 kobject_uevent_env(&disk_to_dev(dm_disk(md))->kobj, KOBJ_CHANGE, envp);
245
246out:
247 if (v->mode == DM_VERITY_MODE_LOGGING)
248 return 0;
249
David Zeuthen9dc978d2017-01-24 13:17:01 -0500[diff] [blame]250 if (v->mode == DM_VERITY_MODE_RESTART) {
251#ifdef CONFIG_DM_VERITY_AVB
252 dm_verity_avb_error_handler();
253#endif
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]254 kernel_restart("dm-verity device corrupted");
David Zeuthen9dc978d2017-01-24 13:17:01 -0500[diff] [blame]255 }
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]256
257 return 1;
258}
259
260/*
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]261 * Verify hash of a metadata block pertaining to the specified data block
262 * ("block" argument) at a specified level ("level" argument).
263 *
Sami Tolvanenffa39382015-12-03 16:01:51 -0500[diff] [blame]264 * On successful return, verity_io_want_digest(v, io) contains the hash value
265 * for a lower tree level or for the data block (if we're at the lowest level).
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]266 *
267 * If "skip_unverified" is true, unverified buffer is skipped and 1 is returned.
268 * If "skip_unverified" is false, unverified buffer is hashed and verified
Sami Tolvanenffa39382015-12-03 16:01:51 -0500[diff] [blame]269 * against current value of verity_io_want_digest(v, io).
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]270 */
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]271static int verity_verify_level(struct dm_verity *v, struct dm_verity_io *io,
272 sector_t block, int level, bool skip_unverified,
273 u8 *want_digest)
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]274{
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]275 struct dm_buffer *buf;
276 struct buffer_aux *aux;
277 u8 *data;
278 int r;
279 sector_t hash_block;
280 unsigned offset;
281
282 verity_hash_at_level(v, block, level, &hash_block, &offset);
283
284 data = dm_bufio_read(v->bufio, hash_block, &buf);
viresh kumarfc0a4462015-08-10 11:42:26 +0530[diff] [blame]285 if (IS_ERR(data))
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]286 return PTR_ERR(data);
287
288 aux = dm_bufio_get_aux_data(buf);
289
290 if (!aux->hash_verified) {
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]291 if (skip_unverified) {
292 r = 1;
293 goto release_ret_r;
294 }
295
Sami Tolvanenffa39382015-12-03 16:01:51 -0500[diff] [blame]296 r = verity_hash(v, verity_io_hash_desc(v, io),
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]297 data, 1 << v->hash_dev_block_bits,
Sami Tolvanenffa39382015-12-03 16:01:51 -0500[diff] [blame]298 verity_io_real_digest(v, io));
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]299 if (unlikely(r < 0))
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]300 goto release_ret_r;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]301
Sami Tolvanenffa39382015-12-03 16:01:51 -0500[diff] [blame]302 if (likely(memcmp(verity_io_real_digest(v, io), want_digest,
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]303 v->digest_size) == 0))
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]304 aux->hash_verified = 1;
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]305 else if (verity_fec_decode(v, io,
306 DM_VERITY_BLOCK_TYPE_METADATA,
307 hash_block, data, NULL) == 0)
308 aux->hash_verified = 1;
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]309 else if (verity_handle_err(v,
310 DM_VERITY_BLOCK_TYPE_METADATA,
311 hash_block)) {
312 r = -EIO;
313 goto release_ret_r;
314 }
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]315 }
316
317 data += offset;
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]318 memcpy(want_digest, data, v->digest_size);
319 r = 0;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]320
321release_ret_r:
322 dm_bufio_release(buf);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]323 return r;
324}
325
326/*
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]327 * Find a hash for a given block, write it to digest and verify the integrity
328 * of the hash tree if necessary.
329 */
Sami Tolvanenffa39382015-12-03 16:01:51 -0500[diff] [blame]330int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]331 sector_t block, u8 *digest, bool *is_zero)
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]332{
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]333 int r = 0, i;
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]334
335 if (likely(v->levels)) {
336 /*
337 * First, we try to get the requested hash for
338 * the current block. If the hash block itself is
339 * verified, zero is returned. If it isn't, this
340 * function returns 1 and we fall back to whole
341 * chain verification.
342 */
343 r = verity_verify_level(v, io, block, 0, true, digest);
344 if (likely(r <= 0))
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]345 goto out;
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]346 }
347
348 memcpy(digest, v->root_digest, v->digest_size);
349
350 for (i = v->levels - 1; i >= 0; i--) {
351 r = verity_verify_level(v, io, block, i, false, digest);
352 if (unlikely(r))
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]353 goto out;
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]354 }
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]355out:
356 if (!r && v->zero_digest)
357 *is_zero = !memcmp(v->zero_digest, digest, v->digest_size);
358 else
359 *is_zero = false;
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]360
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]361 return r;
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]362}
363
364/*
Sami Tolvanenbb4d73a2015-12-03 16:30:36 -0500[diff] [blame]365 * Calls function process for 1 << v->data_dev_block_bits bytes in the bio_vec
366 * starting from iter.
367 */
368int verity_for_bv_block(struct dm_verity *v, struct dm_verity_io *io,
369 struct bvec_iter *iter,
370 int (*process)(struct dm_verity *v,
371 struct dm_verity_io *io, u8 *data,
372 size_t len))
373{
374 unsigned todo = 1 << v->data_dev_block_bits;
Mike Snitzer30187e12016-01-31 13:28:26 -0500[diff] [blame]375 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size);
Sami Tolvanenbb4d73a2015-12-03 16:30:36 -0500[diff] [blame]376
377 do {
378 int r;
379 u8 *page;
380 unsigned len;
381 struct bio_vec bv = bio_iter_iovec(bio, *iter);
382
383 page = kmap_atomic(bv.bv_page);
384 len = bv.bv_len;
385
386 if (likely(len >= todo))
387 len = todo;
388
389 r = process(v, io, page + bv.bv_offset, len);
390 kunmap_atomic(page);
391
392 if (r < 0)
393 return r;
394
395 bio_advance_iter(bio, iter, len);
396 todo -= len;
397 } while (todo);
398
399 return 0;
400}
401
402static int verity_bv_hash_update(struct dm_verity *v, struct dm_verity_io *io,
403 u8 *data, size_t len)
404{
405 return verity_hash_update(v, verity_io_hash_desc(v, io), data, len);
406}
407
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]408static int verity_bv_zero(struct dm_verity *v, struct dm_verity_io *io,
409 u8 *data, size_t len)
410{
411 memset(data, 0, len);
412 return 0;
413}
414
Sami Tolvanenbb4d73a2015-12-03 16:30:36 -0500[diff] [blame]415/*
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]416 * Moves the bio iter one data block forward.
417 */
418static inline void verity_bv_skip_block(struct dm_verity *v,
419 struct dm_verity_io *io,
420 struct bvec_iter *iter)
421{
422 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size);
423
424 bio_advance_iter(bio, iter, 1 << v->data_dev_block_bits);
425}
426
427/*
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]428 * Verify one "dm_verity_io" structure.
429 */
430static int verity_verify_io(struct dm_verity_io *io)
431{
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]432 bool is_zero;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]433 struct dm_verity *v = io->v;
Sami Tolvanenbb4d73a2015-12-03 16:30:36 -0500[diff] [blame]434 struct bvec_iter start;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]435 unsigned b;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]436
437 for (b = 0; b < io->n_blocks; b++) {
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]438 int r;
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]439 sector_t cur_block = io->block + b;
Sami Tolvanenffa39382015-12-03 16:01:51 -0500[diff] [blame]440 struct shash_desc *desc = verity_io_hash_desc(v, io);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]441
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]442 if (v->validated_blocks &&
443 likely(test_bit(cur_block, v->validated_blocks))) {
444 verity_bv_skip_block(v, io, &io->iter);
445 continue;
446 }
447
448 r = verity_hash_for_block(v, io, cur_block,
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]449 verity_io_want_digest(v, io),
450 &is_zero);
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]451 if (unlikely(r < 0))
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]452 return r;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]453
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]454 if (is_zero) {
455 /*
456 * If we expect a zero block, don't validate, just
457 * return zeros.
458 */
459 r = verity_for_bv_block(v, io, &io->iter,
460 verity_bv_zero);
461 if (unlikely(r < 0))
462 return r;
463
464 continue;
465 }
466
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]467 r = verity_hash_init(v, desc);
468 if (unlikely(r < 0))
469 return r;
470
Sami Tolvanenbb4d73a2015-12-03 16:30:36 -0500[diff] [blame]471 start = io->iter;
472 r = verity_for_bv_block(v, io, &io->iter, verity_bv_hash_update);
473 if (unlikely(r < 0))
474 return r;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]475
Sami Tolvanenffa39382015-12-03 16:01:51 -0500[diff] [blame]476 r = verity_hash_final(v, desc, verity_io_real_digest(v, io));
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]477 if (unlikely(r < 0))
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]478 return r;
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]479
Sami Tolvanenffa39382015-12-03 16:01:51 -0500[diff] [blame]480 if (likely(memcmp(verity_io_real_digest(v, io),
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]481 verity_io_want_digest(v, io), v->digest_size) == 0)) {
482 if (v->validated_blocks)
483 set_bit(cur_block, v->validated_blocks);
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]484 continue;
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]485 }
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]486 else if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_DATA,
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]487 cur_block, NULL, &start) == 0)
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]488 continue;
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]489 else if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA,
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]490 cur_block))
Sami Tolvanen6dbeda32015-11-05 02:02:31 +0000[diff] [blame]491 return -EIO;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]492 }
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]493
494 return 0;
495}
496
497/*
498 * End one "io" structure with a given error.
499 */
500static void verity_finish_io(struct dm_verity_io *io, int error)
501{
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]502 struct dm_verity *v = io->v;
Mike Snitzer30187e12016-01-31 13:28:26 -0500[diff] [blame]503 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]504
505 bio->bi_end_io = io->orig_bi_end_io;
Christoph Hellwig4246a0b2015-07-20 15:29:37 +0200[diff] [blame]506 bio->bi_error = error;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]507
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]508 verity_fec_finish_io(io);
509
Christoph Hellwig4246a0b2015-07-20 15:29:37 +0200[diff] [blame]510 bio_endio(bio);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]511}
512
513static void verity_work(struct work_struct *w)
514{
515 struct dm_verity_io *io = container_of(w, struct dm_verity_io, work);
516
517 verity_finish_io(io, verity_verify_io(io));
518}
519
Christoph Hellwig4246a0b2015-07-20 15:29:37 +0200[diff] [blame]520static void verity_end_io(struct bio *bio)
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]521{
522 struct dm_verity_io *io = bio->bi_private;
523
Hyeongseok Kimf1a09802020-12-08 22:46:49 +0530[diff] [blame]524 if (bio->bi_error &&
525 (!verity_fec_is_enabled(io->v) || verity_is_system_shutting_down())) {
Christoph Hellwig4246a0b2015-07-20 15:29:37 +0200[diff] [blame]526 verity_finish_io(io, bio->bi_error);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]527 return;
528 }
529
530 INIT_WORK(&io->work, verity_work);
531 queue_work(io->v->verify_wq, &io->work);
532}
533
534/*
535 * Prefetch buffers for the specified io.
536 * The root buffer is not prefetched, it is assumed that it will be cached
537 * all the time.
538 */
Mikulas Patocka3b6b7812013-03-20 17:21:25 +0000[diff] [blame]539static void verity_prefetch_io(struct work_struct *work)
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]540{
Mikulas Patocka3b6b7812013-03-20 17:21:25 +0000[diff] [blame]541 struct dm_verity_prefetch_work *pw =
542 container_of(work, struct dm_verity_prefetch_work, work);
543 struct dm_verity *v = pw->v;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]544 int i;
545
546 for (i = v->levels - 2; i >= 0; i--) {
547 sector_t hash_block_start;
548 sector_t hash_block_end;
Mikulas Patocka3b6b7812013-03-20 17:21:25 +0000[diff] [blame]549 verity_hash_at_level(v, pw->block, i, &hash_block_start, NULL);
550 verity_hash_at_level(v, pw->block + pw->n_blocks - 1, i, &hash_block_end, NULL);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]551 if (!i) {
Mikulas Patockafe5fe902012-10-12 16:59:46 +0100[diff] [blame]552 unsigned cluster = ACCESS_ONCE(dm_verity_prefetch_cluster);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]553
554 cluster >>= v->data_dev_block_bits;
555 if (unlikely(!cluster))
556 goto no_prefetch_cluster;
557
558 if (unlikely(cluster & (cluster - 1)))
Mikulas Patocka553d8fe2013-07-10 23:41:17 +0100[diff] [blame]559 cluster = 1 << __fls(cluster);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]560
561 hash_block_start &= ~(sector_t)(cluster - 1);
562 hash_block_end |= cluster - 1;
563 if (unlikely(hash_block_end >= v->hash_blocks))
564 hash_block_end = v->hash_blocks - 1;
565 }
566no_prefetch_cluster:
567 dm_bufio_prefetch(v->bufio, hash_block_start,
Sami Tolvanena8a3bec2019-01-10 16:09:03 -0800[diff] [blame]568 hash_block_end - hash_block_start + 1);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]569 }
Mikulas Patocka3b6b7812013-03-20 17:21:25 +0000[diff] [blame]570
571 kfree(pw);
572}
573
574static void verity_submit_prefetch(struct dm_verity *v, struct dm_verity_io *io)
575{
576 struct dm_verity_prefetch_work *pw;
577
578 pw = kmalloc(sizeof(struct dm_verity_prefetch_work),
579 GFP_NOIO | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN);
580
581 if (!pw)
582 return;
583
584 INIT_WORK(&pw->work, verity_prefetch_io);
585 pw->v = v;
586 pw->block = io->block;
587 pw->n_blocks = io->n_blocks;
588 queue_work(v->verify_wq, &pw->work);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]589}
590
591/*
592 * Bio map function. It allocates dm_verity_io structure and bio vector and
593 * fills them. Then it issues prefetches and the I/O.
594 */
Badhri Jagan Sridharan8bb45a52015-12-14 20:09:39 -0800[diff] [blame]595int verity_map(struct dm_target *ti, struct bio *bio)
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]596{
597 struct dm_verity *v = ti->private;
598 struct dm_verity_io *io;
599
600 bio->bi_bdev = v->data_dev->bdev;
Kent Overstreet4f024f32013-10-11 15:44:27 -0700[diff] [blame]601 bio->bi_iter.bi_sector = verity_map_sector(v, bio->bi_iter.bi_sector);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]602
Kent Overstreet4f024f32013-10-11 15:44:27 -0700[diff] [blame]603 if (((unsigned)bio->bi_iter.bi_sector | bio_sectors(bio)) &
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]604 ((1 << (v->data_dev_block_bits - SECTOR_SHIFT)) - 1)) {
605 DMERR_LIMIT("unaligned io");
606 return -EIO;
607 }
608
Kent Overstreetf73a1c72012-09-25 15:05:12 -0700[diff] [blame]609 if (bio_end_sector(bio) >>
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]610 (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) {
611 DMERR_LIMIT("io out of range");
612 return -EIO;
613 }
614
615 if (bio_data_dir(bio) == WRITE)
616 return -EIO;
617
Mike Snitzer30187e12016-01-31 13:28:26 -0500[diff] [blame]618 io = dm_per_bio_data(bio, ti->per_io_data_size);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]619 io->v = v;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]620 io->orig_bi_end_io = bio->bi_end_io;
Kent Overstreet4f024f32013-10-11 15:44:27 -0700[diff] [blame]621 io->block = bio->bi_iter.bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT);
622 io->n_blocks = bio->bi_iter.bi_size >> v->data_dev_block_bits;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]623
624 bio->bi_end_io = verity_end_io;
625 bio->bi_private = io;
Kent Overstreet003b5c52013-10-11 15:45:43 -0700[diff] [blame]626 io->iter = bio->bi_iter;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]627
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]628 verity_fec_init_io(io);
629
Mikulas Patocka3b6b7812013-03-20 17:21:25 +0000[diff] [blame]630 verity_submit_prefetch(v, io);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]631
632 generic_make_request(bio);
633
634 return DM_MAPIO_SUBMITTED;
635}
Badhri Jagan Sridharan92194572016-08-23 11:32:37 -0700[diff] [blame]636EXPORT_SYMBOL_GPL(verity_map);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]637
638/*
639 * Status: V (valid) or C (corruption found)
640 */
Badhri Jagan Sridharan8bb45a52015-12-14 20:09:39 -0800[diff] [blame]641void verity_status(struct dm_target *ti, status_type_t type,
Mikulas Patockafd7c0922013-03-01 22:45:44 +0000[diff] [blame]642 unsigned status_flags, char *result, unsigned maxlen)
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]643{
644 struct dm_verity *v = ti->private;
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]645 unsigned args = 0;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]646 unsigned sz = 0;
647 unsigned x;
648
649 switch (type) {
650 case STATUSTYPE_INFO:
651 DMEMIT("%c", v->hash_failed ? 'C' : 'V');
652 break;
653 case STATUSTYPE_TABLE:
654 DMEMIT("%u %s %s %u %u %llu %llu %s ",
655 v->version,
656 v->data_dev->name,
657 v->hash_dev->name,
658 1 << v->data_dev_block_bits,
659 1 << v->hash_dev_block_bits,
660 (unsigned long long)v->data_blocks,
661 (unsigned long long)v->hash_start,
662 v->alg_name
663 );
664 for (x = 0; x < v->digest_size; x++)
665 DMEMIT("%02x", v->root_digest[x]);
666 DMEMIT(" ");
667 if (!v->salt_size)
668 DMEMIT("-");
669 else
670 for (x = 0; x < v->salt_size; x++)
671 DMEMIT("%02x", v->salt[x]);
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]672 if (v->mode != DM_VERITY_MODE_EIO)
673 args++;
674 if (verity_fec_is_enabled(v))
675 args += DM_VERITY_OPTS_FEC;
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]676 if (v->zero_digest)
677 args++;
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]678 if (v->validated_blocks)
679 args++;
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]680 if (!args)
681 return;
682 DMEMIT(" %u", args);
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]683 if (v->mode != DM_VERITY_MODE_EIO) {
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]684 DMEMIT(" ");
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]685 switch (v->mode) {
686 case DM_VERITY_MODE_LOGGING:
687 DMEMIT(DM_VERITY_OPT_LOGGING);
688 break;
689 case DM_VERITY_MODE_RESTART:
690 DMEMIT(DM_VERITY_OPT_RESTART);
691 break;
692 default:
693 BUG();
694 }
695 }
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]696 if (v->zero_digest)
697 DMEMIT(" " DM_VERITY_OPT_IGN_ZEROES);
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]698 if (v->validated_blocks)
699 DMEMIT(" " DM_VERITY_OPT_AT_MOST_ONCE);
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]700 sz = verity_fec_status_table(v, sz, result, maxlen);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]701 break;
702 }
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]703}
Badhri Jagan Sridharan92194572016-08-23 11:32:37 -0700[diff] [blame]704EXPORT_SYMBOL_GPL(verity_status);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]705
Badhri Jagan Sridharan424861b2016-08-09 12:47:37 -0700[diff] [blame]706int verity_prepare_ioctl(struct dm_target *ti,
Christoph Hellwige56f81e2015-10-15 14:10:50 +0200[diff] [blame]707 struct block_device **bdev, fmode_t *mode)
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]708{
709 struct dm_verity *v = ti->private;
Christoph Hellwige56f81e2015-10-15 14:10:50 +0200[diff] [blame]710
711 *bdev = v->data_dev->bdev;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]712
713 if (v->data_start ||
714 ti->len != i_size_read(v->data_dev->bdev->bd_inode) >> SECTOR_SHIFT)
Christoph Hellwige56f81e2015-10-15 14:10:50 +0200[diff] [blame]715 return 1;
716 return 0;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]717}
Badhri Jagan Sridharan92194572016-08-23 11:32:37 -0700[diff] [blame]718EXPORT_SYMBOL_GPL(verity_prepare_ioctl);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]719
Badhri Jagan Sridharan8bb45a52015-12-14 20:09:39 -0800[diff] [blame]720int verity_iterate_devices(struct dm_target *ti,
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]721 iterate_devices_callout_fn fn, void *data)
722{
723 struct dm_verity *v = ti->private;
724
725 return fn(ti, v->data_dev, v->data_start, ti->len, data);
726}
Badhri Jagan Sridharan92194572016-08-23 11:32:37 -0700[diff] [blame]727EXPORT_SYMBOL_GPL(verity_iterate_devices);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]728
Badhri Jagan Sridharan8bb45a52015-12-14 20:09:39 -0800[diff] [blame]729void verity_io_hints(struct dm_target *ti, struct queue_limits *limits)
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]730{
731 struct dm_verity *v = ti->private;
732
733 if (limits->logical_block_size < 1 << v->data_dev_block_bits)
734 limits->logical_block_size = 1 << v->data_dev_block_bits;
735
736 if (limits->physical_block_size < 1 << v->data_dev_block_bits)
737 limits->physical_block_size = 1 << v->data_dev_block_bits;
738
739 blk_limits_io_min(limits, limits->logical_block_size);
740}
Badhri Jagan Sridharan92194572016-08-23 11:32:37 -0700[diff] [blame]741EXPORT_SYMBOL_GPL(verity_io_hints);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]742
Badhri Jagan Sridharan8bb45a52015-12-14 20:09:39 -0800[diff] [blame]743void verity_dtr(struct dm_target *ti)
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]744{
745 struct dm_verity *v = ti->private;
746
747 if (v->verify_wq)
748 destroy_workqueue(v->verify_wq);
749
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]750 if (v->bufio)
751 dm_bufio_client_destroy(v->bufio);
752
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]753 vfree(v->validated_blocks);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]754 kfree(v->salt);
755 kfree(v->root_digest);
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]756 kfree(v->zero_digest);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]757
758 if (v->tfm)
759 crypto_free_shash(v->tfm);
760
761 kfree(v->alg_name);
762
763 if (v->hash_dev)
764 dm_put_device(ti, v->hash_dev);
765
766 if (v->data_dev)
767 dm_put_device(ti, v->data_dev);
768
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]769 verity_fec_dtr(v);
770
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]771 kfree(v);
772}
Badhri Jagan Sridharan92194572016-08-23 11:32:37 -0700[diff] [blame]773EXPORT_SYMBOL_GPL(verity_dtr);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]774
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]775static int verity_alloc_most_once(struct dm_verity *v)
776{
777 struct dm_target *ti = v->ti;
778
779 /* the bitset can only handle INT_MAX blocks */
780 if (v->data_blocks > INT_MAX) {
781 ti->error = "device too large to use check_at_most_once";
782 return -E2BIG;
783 }
784
785 v->validated_blocks = vzalloc(BITS_TO_LONGS(v->data_blocks) *
786 sizeof(unsigned long));
787 if (!v->validated_blocks) {
788 ti->error = "failed to allocate bitset for check_at_most_once";
789 return -ENOMEM;
790 }
791
792 return 0;
793}
794
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]795static int verity_alloc_zero_digest(struct dm_verity *v)
796{
797 int r = -ENOMEM;
798 struct shash_desc *desc;
799 u8 *zero_data;
800
801 v->zero_digest = kmalloc(v->digest_size, GFP_KERNEL);
802
803 if (!v->zero_digest)
804 return r;
805
806 desc = kmalloc(v->shash_descsize, GFP_KERNEL);
807
808 if (!desc)
809 return r; /* verity_dtr will free zero_digest */
810
811 zero_data = kzalloc(1 << v->data_dev_block_bits, GFP_KERNEL);
812
813 if (!zero_data)
814 goto out;
815
816 r = verity_hash(v, desc, zero_data, 1 << v->data_dev_block_bits,
817 v->zero_digest);
818
819out:
820 kfree(desc);
821 kfree(zero_data);
822
823 return r;
824}
825
Neeraj Upadhyay9677b542018-09-14 09:20:39 +0530[diff] [blame]826static int verity_parse_pre_opt_args(struct dm_arg_set *as,
827 struct dm_verity *v)
828{
829 int r;
830 unsigned int argc;
831 const char *arg_name;
832 struct dm_target *ti = v->ti;
833 static struct dm_arg _args[] = {
834 {0, DM_VERITY_OPTS_MAX, "Invalid number of feature args"},
835 };
836
837 r = dm_read_arg_group(_args, as, &argc, &ti->error);
838 if (r)
839 return -EINVAL;
840
841 if (!argc)
842 return 0;
843
844 do {
845 arg_name = dm_shift_arg(as);
846 argc--;
847
848 if (!strcasecmp(arg_name, DM_VERITY_OPT_DEVICE_WAIT)) {
849 dm_device_wait = 1;
850 continue;
851 }
852
853 } while (argc);
854
855 return 0;
856}
857
Sami Tolvanen753c1fd2015-11-05 02:02:32 +0000[diff] [blame]858static int verity_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v)
859{
860 int r;
861 unsigned argc;
862 struct dm_target *ti = v->ti;
863 const char *arg_name;
864
865 static struct dm_arg _args[] = {
866 {0, DM_VERITY_OPTS_MAX, "Invalid number of feature args"},
867 };
868
869 r = dm_read_arg_group(_args, as, &argc, &ti->error);
870 if (r)
871 return -EINVAL;
872
873 if (!argc)
874 return 0;
875
876 do {
877 arg_name = dm_shift_arg(as);
878 argc--;
879
880 if (!strcasecmp(arg_name, DM_VERITY_OPT_LOGGING)) {
881 v->mode = DM_VERITY_MODE_LOGGING;
882 continue;
883
884 } else if (!strcasecmp(arg_name, DM_VERITY_OPT_RESTART)) {
885 v->mode = DM_VERITY_MODE_RESTART;
886 continue;
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]887
Sami Tolvanen0cc37c22015-12-03 14:26:31 +0000[diff] [blame]888 } else if (!strcasecmp(arg_name, DM_VERITY_OPT_IGN_ZEROES)) {
889 r = verity_alloc_zero_digest(v);
890 if (r) {
891 ti->error = "Cannot allocate zero digest";
892 return r;
893 }
894 continue;
895
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]896 } else if (!strcasecmp(arg_name, DM_VERITY_OPT_AT_MOST_ONCE)) {
897 r = verity_alloc_most_once(v);
898 if (r)
899 return r;
900 continue;
901
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]902 } else if (verity_is_fec_opt_arg(arg_name)) {
903 r = verity_fec_parse_opt_args(as, v, &argc, arg_name);
904 if (r)
905 return r;
906 continue;
Neeraj Upadhyay9677b542018-09-14 09:20:39 +0530[diff] [blame]907 } else if (!strcasecmp(arg_name, DM_VERITY_OPT_DEVICE_WAIT)) {
908 continue;
Sami Tolvanen753c1fd2015-11-05 02:02:32 +0000[diff] [blame]909 }
910
911 ti->error = "Unrecognized verity feature request";
912 return -EINVAL;
913 } while (argc && !r);
914
915 return r;
916}
917
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]918/*
919 * Target parameters:
920 * <version> The current format is version 1.
921 * Vsn 0 is compatible with original Chromium OS releases.
922 * <data device>
923 * <hash device>
924 * <data block size>
925 * <hash block size>
926 * <the number of data blocks>
927 * <hash start block>
928 * <algorithm>
929 * <digest>
930 * <salt> Hex string or "-" if no salt.
931 */
Badhri Jagan Sridharan8bb45a52015-12-14 20:09:39 -0800[diff] [blame]932int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]933{
934 struct dm_verity *v;
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]935 struct dm_arg_set as;
Sami Tolvanen753c1fd2015-11-05 02:02:32 +0000[diff] [blame]936 unsigned int num;
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]937 unsigned long long num_ll;
938 int r;
939 int i;
940 sector_t hash_position;
941 char dummy;
942
943 v = kzalloc(sizeof(struct dm_verity), GFP_KERNEL);
944 if (!v) {
945 ti->error = "Cannot allocate verity structure";
946 return -ENOMEM;
947 }
948 ti->private = v;
949 v->ti = ti;
950
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]951 r = verity_fec_ctr_alloc(v);
952 if (r)
953 goto bad;
954
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]955 if ((dm_table_get_mode(ti->table) & ~FMODE_READ)) {
956 ti->error = "Device must be readonly";
957 r = -EINVAL;
958 goto bad;
959 }
960
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]961 if (argc < 10) {
962 ti->error = "Not enough arguments";
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]963 r = -EINVAL;
964 goto bad;
965 }
966
Neeraj Upadhyay9677b542018-09-14 09:20:39 +0530[diff] [blame]967 /* Optional parameters which are parsed pre required args. */
968 if ((argc - 10)) {
969 as.argc = argc - 10;
970 as.argv = argv + 10;
971 r = verity_parse_pre_opt_args(&as, v);
972 if (r < 0)
973 goto bad;
974 }
975
Mikulas Patocka5d8be842013-07-10 23:41:17 +0100[diff] [blame]976 if (sscanf(argv[0], "%u%c", &num, &dummy) != 1 ||
977 num > 1) {
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]978 ti->error = "Invalid version";
979 r = -EINVAL;
980 goto bad;
981 }
982 v->version = num;
983
Neeraj Upadhyay9677b542018-09-14 09:20:39 +0530[diff] [blame]984retry_dev1:
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]985 r = dm_get_device(ti, argv[1], FMODE_READ, &v->data_dev);
986 if (r) {
Neeraj Upadhyay9677b542018-09-14 09:20:39 +0530[diff] [blame]987 if (r == -ENODEV && dm_device_wait) {
988 msleep(100);
989 goto retry_dev1;
990 }
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]991 ti->error = "Data device lookup failed";
992 goto bad;
993 }
994
Neeraj Upadhyay9677b542018-09-14 09:20:39 +0530[diff] [blame]995retry_dev2:
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]996 r = dm_get_device(ti, argv[2], FMODE_READ, &v->hash_dev);
997 if (r) {
Neeraj Upadhyay9677b542018-09-14 09:20:39 +0530[diff] [blame]998 if (r == -ENODEV && dm_device_wait) {
999 msleep(100);
1000 goto retry_dev2;
1001 }
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1002 ti->error = "Data device lookup failed";
1003 goto bad;
1004 }
1005
1006 if (sscanf(argv[3], "%u%c", &num, &dummy) != 1 ||
1007 !num || (num & (num - 1)) ||
1008 num < bdev_logical_block_size(v->data_dev->bdev) ||
1009 num > PAGE_SIZE) {
1010 ti->error = "Invalid data device block size";
1011 r = -EINVAL;
1012 goto bad;
1013 }
Mikulas Patocka553d8fe2013-07-10 23:41:17 +0100[diff] [blame]1014 v->data_dev_block_bits = __ffs(num);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1015
1016 if (sscanf(argv[4], "%u%c", &num, &dummy) != 1 ||
1017 !num || (num & (num - 1)) ||
1018 num < bdev_logical_block_size(v->hash_dev->bdev) ||
1019 num > INT_MAX) {
1020 ti->error = "Invalid hash device block size";
1021 r = -EINVAL;
1022 goto bad;
1023 }
Mikulas Patocka553d8fe2013-07-10 23:41:17 +0100[diff] [blame]1024 v->hash_dev_block_bits = __ffs(num);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1025
1026 if (sscanf(argv[5], "%llu%c", &num_ll, &dummy) != 1 ||
Mikulas Patocka1d55f6b2012-09-26 23:45:48 +0100[diff] [blame]1027 (sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT))
1028 >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll) {
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1029 ti->error = "Invalid data blocks";
1030 r = -EINVAL;
1031 goto bad;
1032 }
1033 v->data_blocks = num_ll;
1034
1035 if (ti->len > (v->data_blocks << (v->data_dev_block_bits - SECTOR_SHIFT))) {
1036 ti->error = "Data device is too small";
1037 r = -EINVAL;
1038 goto bad;
1039 }
1040
1041 if (sscanf(argv[6], "%llu%c", &num_ll, &dummy) != 1 ||
Mikulas Patocka1d55f6b2012-09-26 23:45:48 +0100[diff] [blame]1042 (sector_t)(num_ll << (v->hash_dev_block_bits - SECTOR_SHIFT))
1043 >> (v->hash_dev_block_bits - SECTOR_SHIFT) != num_ll) {
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1044 ti->error = "Invalid hash start";
1045 r = -EINVAL;
1046 goto bad;
1047 }
1048 v->hash_start = num_ll;
1049
1050 v->alg_name = kstrdup(argv[7], GFP_KERNEL);
1051 if (!v->alg_name) {
1052 ti->error = "Cannot allocate algorithm name";
1053 r = -ENOMEM;
1054 goto bad;
1055 }
1056
1057 v->tfm = crypto_alloc_shash(v->alg_name, 0, 0);
1058 if (IS_ERR(v->tfm)) {
1059 ti->error = "Cannot initialize hash function";
1060 r = PTR_ERR(v->tfm);
1061 v->tfm = NULL;
1062 goto bad;
1063 }
Eric Biggers2ca7ab12018-12-05 20:54:13 -0800[diff] [blame]1064
1065 /*
1066 * dm-verity performance can vary greatly depending on which hash
1067 * algorithm implementation is used. Help people debug performance
1068 * problems by logging the ->cra_driver_name.
1069 */
1070 DMINFO("%s using implementation \"%s\"", v->alg_name,
1071 crypto_shash_alg(v->tfm)->base.cra_driver_name);
1072
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1073 v->digest_size = crypto_shash_digestsize(v->tfm);
1074 if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) {
1075 ti->error = "Digest size too big";
1076 r = -EINVAL;
1077 goto bad;
1078 }
1079 v->shash_descsize =
1080 sizeof(struct shash_desc) + crypto_shash_descsize(v->tfm);
1081
1082 v->root_digest = kmalloc(v->digest_size, GFP_KERNEL);
1083 if (!v->root_digest) {
1084 ti->error = "Cannot allocate root digest";
1085 r = -ENOMEM;
1086 goto bad;
1087 }
1088 if (strlen(argv[8]) != v->digest_size * 2 ||
1089 hex2bin(v->root_digest, argv[8], v->digest_size)) {
1090 ti->error = "Invalid root digest";
1091 r = -EINVAL;
1092 goto bad;
1093 }
1094
1095 if (strcmp(argv[9], "-")) {
1096 v->salt_size = strlen(argv[9]) / 2;
1097 v->salt = kmalloc(v->salt_size, GFP_KERNEL);
1098 if (!v->salt) {
1099 ti->error = "Cannot allocate salt";
1100 r = -ENOMEM;
1101 goto bad;
1102 }
1103 if (strlen(argv[9]) != v->salt_size * 2 ||
1104 hex2bin(v->salt, argv[9], v->salt_size)) {
1105 ti->error = "Invalid salt";
1106 r = -EINVAL;
1107 goto bad;
1108 }
1109 }
1110
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]1111 argv += 10;
1112 argc -= 10;
1113
1114 /* Optional parameters */
1115 if (argc) {
1116 as.argc = argc;
1117 as.argv = argv;
1118
Sami Tolvanen753c1fd2015-11-05 02:02:32 +0000[diff] [blame]1119 r = verity_parse_opt_args(&as, v);
1120 if (r < 0)
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]1121 goto bad;
Sami Tolvanen65ff5b72015-03-18 15:52:14 +0000[diff] [blame]1122 }
1123
Patrik Torstensson7143cbf2018-04-13 15:34:48 -0700[diff] [blame]1124#ifdef CONFIG_DM_ANDROID_VERITY_AT_MOST_ONCE_DEFAULT_ENABLED
1125 if (!v->validated_blocks) {
1126 r = verity_alloc_most_once(v);
1127 if (r)
1128 goto bad;
1129 }
1130#endif
1131
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1132 v->hash_per_block_bits =
Mikulas Patocka553d8fe2013-07-10 23:41:17 +0100[diff] [blame]1133 __fls((1 << v->hash_dev_block_bits) / v->digest_size);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1134
1135 v->levels = 0;
1136 if (v->data_blocks)
1137 while (v->hash_per_block_bits * v->levels < 64 &&
1138 (unsigned long long)(v->data_blocks - 1) >>
1139 (v->hash_per_block_bits * v->levels))
1140 v->levels++;
1141
1142 if (v->levels > DM_VERITY_MAX_LEVELS) {
1143 ti->error = "Too many tree levels";
1144 r = -E2BIG;
1145 goto bad;
1146 }
1147
1148 hash_position = v->hash_start;
1149 for (i = v->levels - 1; i >= 0; i--) {
1150 sector_t s;
1151 v->hash_level_block[i] = hash_position;
Mikulas Patockab1bf2de2013-07-10 23:41:16 +0100[diff] [blame]1152 s = (v->data_blocks + ((sector_t)1 << ((i + 1) * v->hash_per_block_bits)) - 1)
1153 >> ((i + 1) * v->hash_per_block_bits);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1154 if (hash_position + s < hash_position) {
1155 ti->error = "Hash device offset overflow";
1156 r = -E2BIG;
1157 goto bad;
1158 }
1159 hash_position += s;
1160 }
1161 v->hash_blocks = hash_position;
1162
1163 v->bufio = dm_bufio_client_create(v->hash_dev->bdev,
1164 1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux),
1165 dm_bufio_alloc_callback, NULL);
1166 if (IS_ERR(v->bufio)) {
1167 ti->error = "Cannot initialize dm-bufio";
1168 r = PTR_ERR(v->bufio);
1169 v->bufio = NULL;
1170 goto bad;
1171 }
1172
1173 if (dm_bufio_get_device_size(v->bufio) < v->hash_blocks) {
1174 ti->error = "Hash device is too small";
1175 r = -E2BIG;
1176 goto bad;
1177 }
1178
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1179 /* WQ_UNBOUND greatly improves performance when running on ramdisk */
1180 v->verify_wq = alloc_workqueue("kverityd", WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM | WQ_UNBOUND, num_online_cpus());
1181 if (!v->verify_wq) {
1182 ti->error = "Cannot allocate workqueue";
1183 r = -ENOMEM;
1184 goto bad;
1185 }
1186
Mike Snitzer30187e12016-01-31 13:28:26 -0500[diff] [blame]1187 ti->per_io_data_size = sizeof(struct dm_verity_io) +
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]1188 v->shash_descsize + v->digest_size * 2;
1189
1190 r = verity_fec_ctr(v);
1191 if (r)
1192 goto bad;
1193
Mike Snitzer30187e12016-01-31 13:28:26 -0500[diff] [blame]1194 ti->per_io_data_size = roundup(ti->per_io_data_size,
1195 __alignof__(struct dm_verity_io));
Sami Tolvanena739ff32015-12-03 14:26:30 +0000[diff] [blame]1196
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1197 return 0;
1198
1199bad:
1200 verity_dtr(ti);
1201
1202 return r;
1203}
Badhri Jagan Sridharan92194572016-08-23 11:32:37 -0700[diff] [blame]1204EXPORT_SYMBOL_GPL(verity_ctr);
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1205
1206static struct target_type verity_target = {
1207 .name = "verity",
Patrik Torstensson142d4b52018-03-22 18:18:04 -0700[diff] [blame]1208 .version = {1, 4, 0},
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1209 .module = THIS_MODULE,
1210 .ctr = verity_ctr,
1211 .dtr = verity_dtr,
1212 .map = verity_map,
1213 .status = verity_status,
Christoph Hellwige56f81e2015-10-15 14:10:50 +0200[diff] [blame]1214 .prepare_ioctl = verity_prepare_ioctl,
Mikulas Patockaa4ffc152012-03-28 18:43:38 +0100[diff] [blame]1215 .iterate_devices = verity_iterate_devices,
1216 .io_hints = verity_io_hints,
1217};
1218
1219static int __init dm_verity_init(void)
1220{
1221 int r;
1222
1223 r = dm_register_target(&verity_target);
1224 if (r < 0)
1225 DMERR("register failed %d", r);
1226
1227 return r;
1228}
1229
1230static void __exit dm_verity_exit(void)
1231{
1232 dm_unregister_target(&verity_target);
1233}
1234
1235module_init(dm_verity_init);
1236module_exit(dm_verity_exit);
1237
1238MODULE_AUTHOR("Mikulas Patocka <mpatocka@redhat.com>");
1239MODULE_AUTHOR("Mandeep Baines <msb@chromium.org>");
1240MODULE_AUTHOR("Will Drewry <wad@chromium.org>");
1241MODULE_DESCRIPTION(DM_NAME " target for transparent disk integrity checking");
1242MODULE_LICENSE("GPL");