Lines Matching refs:v
53 struct dm_verity *v; member
87 static sector_t verity_map_sector(struct dm_verity *v, sector_t bi_sector) in verity_map_sector() argument
89 return v->data_start + dm_target_offset(v->ti, bi_sector); in verity_map_sector()
98 static sector_t verity_position_at_level(struct dm_verity *v, sector_t block, in verity_position_at_level() argument
101 return block >> (level * v->hash_per_block_bits); in verity_position_at_level()
104 static int verity_hash_update(struct dm_verity *v, struct ahash_request *req, in verity_hash_update() argument
137 static int verity_hash_init(struct dm_verity *v, struct ahash_request *req, in verity_hash_init() argument
142 ahash_request_set_tfm(req, v->tfm); in verity_hash_init()
155 if (likely(v->salt_size && (v->version >= 1))) in verity_hash_init()
156 r = verity_hash_update(v, req, v->salt, v->salt_size, wait); in verity_hash_init()
161 static int verity_hash_final(struct dm_verity *v, struct ahash_request *req, in verity_hash_final() argument
166 if (unlikely(v->salt_size && (!v->version))) { in verity_hash_final()
167 r = verity_hash_update(v, req, v->salt, v->salt_size, wait); in verity_hash_final()
181 int verity_hash(struct dm_verity *v, struct ahash_request *req, in verity_hash() argument
187 r = verity_hash_init(v, req, &wait); in verity_hash()
191 r = verity_hash_update(v, req, data, len, &wait); in verity_hash()
195 r = verity_hash_final(v, req, digest, &wait); in verity_hash()
201 static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level, in verity_hash_at_level() argument
204 sector_t position = verity_position_at_level(v, block, level); in verity_hash_at_level()
207 *hash_block = v->hash_level_block[level] + (position >> v->hash_per_block_bits); in verity_hash_at_level()
212 idx = position & ((1 << v->hash_per_block_bits) - 1); in verity_hash_at_level()
213 if (!v->version) in verity_hash_at_level()
214 *offset = idx * v->digest_size; in verity_hash_at_level()
216 *offset = idx << (v->hash_dev_block_bits - v->hash_per_block_bits); in verity_hash_at_level()
222 static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, in verity_handle_err() argument
228 struct mapped_device *md = dm_table_get_md(v->ti->table); in verity_handle_err()
231 v->hash_failed = true; in verity_handle_err()
233 if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS) in verity_handle_err()
236 v->corrupted_errs++; in verity_handle_err()
249 DMERR_LIMIT("%s: %s block %llu is corrupted", v->data_dev->name, in verity_handle_err()
252 if (v->corrupted_errs == DM_VERITY_MAX_CORRUPTED_ERRS) { in verity_handle_err()
253 DMERR("%s: reached maximum errors", v->data_dev->name); in verity_handle_err()
254 dm_audit_log_target(DM_MSG_PREFIX, "max-corrupted-errors", v->ti, 0); in verity_handle_err()
263 if (v->mode == DM_VERITY_MODE_LOGGING) in verity_handle_err()
266 if (v->mode == DM_VERITY_MODE_RESTART) in verity_handle_err()
269 if (v->mode == DM_VERITY_MODE_PANIC) in verity_handle_err()
286 static int verity_verify_level(struct dm_verity *v, struct dm_verity_io *io, in verity_verify_level() argument
297 verity_hash_at_level(v, block, level, &hash_block, &offset); in verity_verify_level()
300 data = dm_bufio_get(v->bufio, hash_block, &buf); in verity_verify_level()
310 data = dm_bufio_read(v->bufio, hash_block, &buf); in verity_verify_level()
323 r = verity_hash(v, verity_io_hash_req(v, io), in verity_verify_level()
324 data, 1 << v->hash_dev_block_bits, in verity_verify_level()
325 verity_io_real_digest(v, io)); in verity_verify_level()
329 if (likely(memcmp(verity_io_real_digest(v, io), want_digest, in verity_verify_level()
330 v->digest_size) == 0)) in verity_verify_level()
340 } else if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_METADATA, in verity_verify_level()
343 else if (verity_handle_err(v, in verity_verify_level()
348 v->ti->per_io_data_size); in verity_verify_level()
357 memcpy(want_digest, data, v->digest_size); in verity_verify_level()
369 int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io, in verity_hash_for_block() argument
374 if (likely(v->levels)) { in verity_hash_for_block()
382 r = verity_verify_level(v, io, block, 0, true, digest); in verity_hash_for_block()
387 memcpy(digest, v->root_digest, v->digest_size); in verity_hash_for_block()
389 for (i = v->levels - 1; i >= 0; i--) { in verity_hash_for_block()
390 r = verity_verify_level(v, io, block, i, false, digest); in verity_hash_for_block()
395 if (!r && v->zero_digest) in verity_hash_for_block()
396 *is_zero = !memcmp(v->zero_digest, digest, v->digest_size); in verity_hash_for_block()
406 static int verity_for_io_block(struct dm_verity *v, struct dm_verity_io *io, in verity_for_io_block() argument
409 unsigned int todo = 1 << v->data_dev_block_bits; in verity_for_io_block()
410 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_for_io_block()
412 struct ahash_request *req = verity_io_hash_req(v, io); in verity_for_io_block()
450 int verity_for_bv_block(struct dm_verity *v, struct dm_verity_io *io, in verity_for_bv_block() argument
452 int (*process)(struct dm_verity *v, in verity_for_bv_block() argument
456 unsigned int todo = 1 << v->data_dev_block_bits; in verity_for_bv_block()
457 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_for_bv_block()
471 r = process(v, io, page, len); in verity_for_bv_block()
484 static int verity_bv_zero(struct dm_verity *v, struct dm_verity_io *io, in verity_bv_zero() argument
494 static inline void verity_bv_skip_block(struct dm_verity *v, in verity_bv_skip_block() argument
498 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_bv_skip_block()
500 bio_advance_iter(bio, iter, 1 << v->data_dev_block_bits); in verity_bv_skip_block()
509 struct dm_verity *v = io->v; in verity_verify_io() local
516 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_verify_io()
532 struct ahash_request *req = verity_io_hash_req(v, io); in verity_verify_io()
534 if (v->validated_blocks && bio->bi_status == BLK_STS_OK && in verity_verify_io()
535 likely(test_bit(cur_block, v->validated_blocks))) { in verity_verify_io()
536 verity_bv_skip_block(v, io, iter); in verity_verify_io()
540 r = verity_hash_for_block(v, io, cur_block, in verity_verify_io()
541 verity_io_want_digest(v, io), in verity_verify_io()
551 r = verity_for_bv_block(v, io, iter, in verity_verify_io()
559 r = verity_hash_init(v, req, &wait); in verity_verify_io()
564 if (verity_fec_is_enabled(v)) in verity_verify_io()
567 r = verity_for_io_block(v, io, iter, &wait); in verity_verify_io()
571 r = verity_hash_final(v, req, verity_io_real_digest(v, io), in verity_verify_io()
576 if (likely(memcmp(verity_io_real_digest(v, io), in verity_verify_io()
577 verity_io_want_digest(v, io), v->digest_size) == 0)) { in verity_verify_io()
578 if (v->validated_blocks) in verity_verify_io()
579 set_bit(cur_block, v->validated_blocks); in verity_verify_io()
589 } else if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_DATA, in verity_verify_io()
600 if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA, in verity_verify_io()
626 struct dm_verity *v = io->v; in verity_finish_io() local
627 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_finish_io()
658 queue_work(io->v->verify_wq, &io->work); in verity_tasklet()
670 (!verity_fec_is_enabled(io->v) || verity_is_system_shutting_down())) { in verity_end_io()
675 if (static_branch_unlikely(&use_tasklet_enabled) && io->v->use_tasklet) { in verity_end_io()
680 queue_work(io->v->verify_wq, &io->work); in verity_end_io()
693 struct dm_verity *v = pw->v; in verity_prefetch_io() local
696 for (i = v->levels - 2; i >= 0; i--) { in verity_prefetch_io()
700 verity_hash_at_level(v, pw->block, i, &hash_block_start, NULL); in verity_prefetch_io()
701 verity_hash_at_level(v, pw->block + pw->n_blocks - 1, i, &hash_block_end, NULL); in verity_prefetch_io()
706 cluster >>= v->data_dev_block_bits; in verity_prefetch_io()
715 if (unlikely(hash_block_end >= v->hash_blocks)) in verity_prefetch_io()
716 hash_block_end = v->hash_blocks - 1; in verity_prefetch_io()
719 dm_bufio_prefetch(v->bufio, hash_block_start, in verity_prefetch_io()
726 static void verity_submit_prefetch(struct dm_verity *v, struct dm_verity_io *io) in verity_submit_prefetch() argument
732 if (v->validated_blocks) { in verity_submit_prefetch()
733 while (n_blocks && test_bit(block, v->validated_blocks)) { in verity_submit_prefetch()
738 v->validated_blocks)) in verity_submit_prefetch()
751 pw->v = v; in verity_submit_prefetch()
754 queue_work(v->verify_wq, &pw->work); in verity_submit_prefetch()
763 struct dm_verity *v = ti->private; in verity_map() local
766 bio_set_dev(bio, v->data_dev->bdev); in verity_map()
767 bio->bi_iter.bi_sector = verity_map_sector(v, bio->bi_iter.bi_sector); in verity_map()
770 ((1 << (v->data_dev_block_bits - SECTOR_SHIFT)) - 1)) { in verity_map()
776 (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) { in verity_map()
785 io->v = v; in verity_map()
787 io->block = bio->bi_iter.bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT); in verity_map()
788 io->n_blocks = bio->bi_iter.bi_size >> v->data_dev_block_bits; in verity_map()
794 verity_submit_prefetch(v, io); in verity_map()
807 struct dm_verity *v = ti->private; in verity_status() local
814 DMEMIT("%c", v->hash_failed ? 'C' : 'V'); in verity_status()
818 v->version, in verity_status()
819 v->data_dev->name, in verity_status()
820 v->hash_dev->name, in verity_status()
821 1 << v->data_dev_block_bits, in verity_status()
822 1 << v->hash_dev_block_bits, in verity_status()
823 (unsigned long long)v->data_blocks, in verity_status()
824 (unsigned long long)v->hash_start, in verity_status()
825 v->alg_name in verity_status()
827 for (x = 0; x < v->digest_size; x++) in verity_status()
828 DMEMIT("%02x", v->root_digest[x]); in verity_status()
830 if (!v->salt_size) in verity_status()
833 for (x = 0; x < v->salt_size; x++) in verity_status()
834 DMEMIT("%02x", v->salt[x]); in verity_status()
835 if (v->mode != DM_VERITY_MODE_EIO) in verity_status()
837 if (verity_fec_is_enabled(v)) in verity_status()
839 if (v->zero_digest) in verity_status()
841 if (v->validated_blocks) in verity_status()
843 if (v->use_tasklet) in verity_status()
845 if (v->signature_key_desc) in verity_status()
850 if (v->mode != DM_VERITY_MODE_EIO) { in verity_status()
852 switch (v->mode) { in verity_status()
866 if (v->zero_digest) in verity_status()
868 if (v->validated_blocks) in verity_status()
870 if (v->use_tasklet) in verity_status()
872 sz = verity_fec_status_table(v, sz, result, maxlen); in verity_status()
873 if (v->signature_key_desc) in verity_status()
875 " %s", v->signature_key_desc); in verity_status()
880 DMEMIT(",hash_failed=%c", v->hash_failed ? 'C' : 'V'); in verity_status()
881 DMEMIT(",verity_version=%u", v->version); in verity_status()
882 DMEMIT(",data_device_name=%s", v->data_dev->name); in verity_status()
883 DMEMIT(",hash_device_name=%s", v->hash_dev->name); in verity_status()
884 DMEMIT(",verity_algorithm=%s", v->alg_name); in verity_status()
887 for (x = 0; x < v->digest_size; x++) in verity_status()
888 DMEMIT("%02x", v->root_digest[x]); in verity_status()
891 if (!v->salt_size) in verity_status()
894 for (x = 0; x < v->salt_size; x++) in verity_status()
895 DMEMIT("%02x", v->salt[x]); in verity_status()
897 DMEMIT(",ignore_zero_blocks=%c", v->zero_digest ? 'y' : 'n'); in verity_status()
898 DMEMIT(",check_at_most_once=%c", v->validated_blocks ? 'y' : 'n'); in verity_status()
899 if (v->signature_key_desc) in verity_status()
900 DMEMIT(",root_hash_sig_key_desc=%s", v->signature_key_desc); in verity_status()
902 if (v->mode != DM_VERITY_MODE_EIO) { in verity_status()
904 switch (v->mode) { in verity_status()
925 struct dm_verity *v = ti->private; in verity_prepare_ioctl() local
927 *bdev = v->data_dev->bdev; in verity_prepare_ioctl()
929 if (v->data_start || ti->len != bdev_nr_sectors(v->data_dev->bdev)) in verity_prepare_ioctl()
937 struct dm_verity *v = ti->private; in verity_iterate_devices() local
939 return fn(ti, v->data_dev, v->data_start, ti->len, data); in verity_iterate_devices()
944 struct dm_verity *v = ti->private; in verity_io_hints() local
946 if (limits->logical_block_size < 1 << v->data_dev_block_bits) in verity_io_hints()
947 limits->logical_block_size = 1 << v->data_dev_block_bits; in verity_io_hints()
949 if (limits->physical_block_size < 1 << v->data_dev_block_bits) in verity_io_hints()
950 limits->physical_block_size = 1 << v->data_dev_block_bits; in verity_io_hints()
957 struct dm_verity *v = ti->private; in verity_dtr() local
959 if (v->verify_wq) in verity_dtr()
960 destroy_workqueue(v->verify_wq); in verity_dtr()
962 if (v->bufio) in verity_dtr()
963 dm_bufio_client_destroy(v->bufio); in verity_dtr()
965 kvfree(v->validated_blocks); in verity_dtr()
966 kfree(v->salt); in verity_dtr()
967 kfree(v->root_digest); in verity_dtr()
968 kfree(v->zero_digest); in verity_dtr()
970 if (v->tfm) in verity_dtr()
971 crypto_free_ahash(v->tfm); in verity_dtr()
973 kfree(v->alg_name); in verity_dtr()
975 if (v->hash_dev) in verity_dtr()
976 dm_put_device(ti, v->hash_dev); in verity_dtr()
978 if (v->data_dev) in verity_dtr()
979 dm_put_device(ti, v->data_dev); in verity_dtr()
981 verity_fec_dtr(v); in verity_dtr()
983 kfree(v->signature_key_desc); in verity_dtr()
985 if (v->use_tasklet) in verity_dtr()
988 kfree(v); in verity_dtr()
993 static int verity_alloc_most_once(struct dm_verity *v) in verity_alloc_most_once() argument
995 struct dm_target *ti = v->ti; in verity_alloc_most_once()
998 if (v->data_blocks > INT_MAX) { in verity_alloc_most_once()
1003 v->validated_blocks = kvcalloc(BITS_TO_LONGS(v->data_blocks), in verity_alloc_most_once()
1006 if (!v->validated_blocks) { in verity_alloc_most_once()
1014 static int verity_alloc_zero_digest(struct dm_verity *v) in verity_alloc_zero_digest() argument
1020 v->zero_digest = kmalloc(v->digest_size, GFP_KERNEL); in verity_alloc_zero_digest()
1022 if (!v->zero_digest) in verity_alloc_zero_digest()
1025 req = kmalloc(v->ahash_reqsize, GFP_KERNEL); in verity_alloc_zero_digest()
1030 zero_data = kzalloc(1 << v->data_dev_block_bits, GFP_KERNEL); in verity_alloc_zero_digest()
1035 r = verity_hash(v, req, zero_data, 1 << v->data_dev_block_bits, in verity_alloc_zero_digest()
1036 v->zero_digest); in verity_alloc_zero_digest()
1052 static int verity_parse_verity_mode(struct dm_verity *v, const char *arg_name) in verity_parse_verity_mode() argument
1054 if (v->mode) in verity_parse_verity_mode()
1058 v->mode = DM_VERITY_MODE_LOGGING; in verity_parse_verity_mode()
1060 v->mode = DM_VERITY_MODE_RESTART; in verity_parse_verity_mode()
1062 v->mode = DM_VERITY_MODE_PANIC; in verity_parse_verity_mode()
1067 static int verity_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v, in verity_parse_opt_args() argument
1073 struct dm_target *ti = v->ti; in verity_parse_opt_args()
1094 r = verity_parse_verity_mode(v, arg_name); in verity_parse_opt_args()
1104 r = verity_alloc_zero_digest(v); in verity_parse_opt_args()
1114 r = verity_alloc_most_once(v); in verity_parse_opt_args()
1120 v->use_tasklet = true; in verity_parse_opt_args()
1127 r = verity_fec_parse_opt_args(as, v, &argc, arg_name); in verity_parse_opt_args()
1135 r = verity_verify_sig_parse_opt_args(as, v, in verity_parse_opt_args()
1176 struct dm_verity *v; in verity_ctr() local
1187 v = kzalloc(sizeof(struct dm_verity), GFP_KERNEL); in verity_ctr()
1188 if (!v) { in verity_ctr()
1192 ti->private = v; in verity_ctr()
1193 v->ti = ti; in verity_ctr()
1195 r = verity_fec_ctr_alloc(v); in verity_ctr()
1215 r = verity_parse_opt_args(&as, v, &verify_args, true); in verity_ctr()
1226 v->version = num; in verity_ctr()
1228 r = dm_get_device(ti, argv[1], BLK_OPEN_READ, &v->data_dev); in verity_ctr()
1234 r = dm_get_device(ti, argv[2], BLK_OPEN_READ, &v->hash_dev); in verity_ctr()
1242 num < bdev_logical_block_size(v->data_dev->bdev) || in verity_ctr()
1248 v->data_dev_block_bits = __ffs(num); in verity_ctr()
1252 num < bdev_logical_block_size(v->hash_dev->bdev) || in verity_ctr()
1258 v->hash_dev_block_bits = __ffs(num); in verity_ctr()
1261 (sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) in verity_ctr()
1262 >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll) { in verity_ctr()
1267 v->data_blocks = num_ll; in verity_ctr()
1269 if (ti->len > (v->data_blocks << (v->data_dev_block_bits - SECTOR_SHIFT))) { in verity_ctr()
1276 (sector_t)(num_ll << (v->hash_dev_block_bits - SECTOR_SHIFT)) in verity_ctr()
1277 >> (v->hash_dev_block_bits - SECTOR_SHIFT) != num_ll) { in verity_ctr()
1282 v->hash_start = num_ll; in verity_ctr()
1284 v->alg_name = kstrdup(argv[7], GFP_KERNEL); in verity_ctr()
1285 if (!v->alg_name) { in verity_ctr()
1291 v->tfm = crypto_alloc_ahash(v->alg_name, 0, in verity_ctr()
1292 v->use_tasklet ? CRYPTO_ALG_ASYNC : 0); in verity_ctr()
1293 if (IS_ERR(v->tfm)) { in verity_ctr()
1295 r = PTR_ERR(v->tfm); in verity_ctr()
1296 v->tfm = NULL; in verity_ctr()
1305 DMINFO("%s using implementation \"%s\"", v->alg_name, in verity_ctr()
1306 crypto_hash_alg_common(v->tfm)->base.cra_driver_name); in verity_ctr()
1308 v->digest_size = crypto_ahash_digestsize(v->tfm); in verity_ctr()
1309 if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) { in verity_ctr()
1314 v->ahash_reqsize = sizeof(struct ahash_request) + in verity_ctr()
1315 crypto_ahash_reqsize(v->tfm); in verity_ctr()
1317 v->root_digest = kmalloc(v->digest_size, GFP_KERNEL); in verity_ctr()
1318 if (!v->root_digest) { in verity_ctr()
1323 if (strlen(argv[8]) != v->digest_size * 2 || in verity_ctr()
1324 hex2bin(v->root_digest, argv[8], v->digest_size)) { in verity_ctr()
1332 v->salt_size = strlen(argv[9]) / 2; in verity_ctr()
1333 v->salt = kmalloc(v->salt_size, GFP_KERNEL); in verity_ctr()
1334 if (!v->salt) { in verity_ctr()
1339 if (strlen(argv[9]) != v->salt_size * 2 || in verity_ctr()
1340 hex2bin(v->salt, argv[9], v->salt_size)) { in verity_ctr()
1354 r = verity_parse_opt_args(&as, v, &verify_args, false); in verity_ctr()
1368 v->hash_per_block_bits = in verity_ctr()
1369 __fls((1 << v->hash_dev_block_bits) / v->digest_size); in verity_ctr()
1371 v->levels = 0; in verity_ctr()
1372 if (v->data_blocks) in verity_ctr()
1373 while (v->hash_per_block_bits * v->levels < 64 && in verity_ctr()
1374 (unsigned long long)(v->data_blocks - 1) >> in verity_ctr()
1375 (v->hash_per_block_bits * v->levels)) in verity_ctr()
1376 v->levels++; in verity_ctr()
1378 if (v->levels > DM_VERITY_MAX_LEVELS) { in verity_ctr()
1384 hash_position = v->hash_start; in verity_ctr()
1385 for (i = v->levels - 1; i >= 0; i--) { in verity_ctr()
1388 v->hash_level_block[i] = hash_position; in verity_ctr()
1389 s = (v->data_blocks + ((sector_t)1 << ((i + 1) * v->hash_per_block_bits)) - 1) in verity_ctr()
1390 >> ((i + 1) * v->hash_per_block_bits); in verity_ctr()
1398 v->hash_blocks = hash_position; in verity_ctr()
1400 v->bufio = dm_bufio_client_create(v->hash_dev->bdev, in verity_ctr()
1401 1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux), in verity_ctr()
1403 v->use_tasklet ? DM_BUFIO_CLIENT_NO_SLEEP : 0); in verity_ctr()
1404 if (IS_ERR(v->bufio)) { in verity_ctr()
1406 r = PTR_ERR(v->bufio); in verity_ctr()
1407 v->bufio = NULL; in verity_ctr()
1411 if (dm_bufio_get_device_size(v->bufio) < v->hash_blocks) { in verity_ctr()
1426 v->verify_wq = alloc_workqueue("kverityd", WQ_MEM_RECLAIM | WQ_HIGHPRI, 0); in verity_ctr()
1427 if (!v->verify_wq) { in verity_ctr()
1434 v->ahash_reqsize + v->digest_size * 2; in verity_ctr()
1436 r = verity_fec_ctr(v); in verity_ctr()
1474 struct dm_verity *v = ti->private; in dm_verity_get_mode() local
1479 return v->mode; in dm_verity_get_mode()
1490 struct dm_verity *v = ti->private; in dm_verity_get_root_digest() local
1495 *root_digest = kmemdup(v->root_digest, v->digest_size, GFP_KERNEL); in dm_verity_get_root_digest()
1499 *digest_size = v->digest_size; in dm_verity_get_root_digest()