tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/*
2 * Copyright (C) 2012 Red Hat, Inc.
3 *
4 * Author: Mikulas Patocka <mpatocka@redhat.com>
5 *
6 * Based on Chromium dm-verity driver (C) 2011 The Chromium OS Authors
7 *
8 * This file is released under the GPLv2.
9 *
10 * In the file "/sys/module/dm_verity/parameters/prefetch_cluster" you can set
11 * default prefetch value. Data are read in "prefetch_cluster" chunks from the
12 * hash device. Setting this greatly improves performance when data and hash
13 * are on the same disk on different partitions on devices with poor random
14 * access behavior.
15 */
16
17#include "dm-bufio.h"
18
19#include <linux/module.h>
20#include <linux/device-mapper.h>
21#include <crypto/hash.h>
22
23#define DM_MSG_PREFIX "verity"
24
25#define DM_VERITY_IO_VEC_INLINE 16
26#define DM_VERITY_MEMPOOL_SIZE 4
27#define DM_VERITY_DEFAULT_PREFETCH_SIZE 262144
28
29#define DM_VERITY_MAX_LEVELS 63
30
31static unsigned dm_verity_prefetch_cluster = DM_VERITY_DEFAULT_PREFETCH_SIZE;
32
33module_param_named(prefetch_cluster, dm_verity_prefetch_cluster, uint, S_IRUGO | S_IWUSR);
34
35struct dm_verity {
36 struct dm_dev *data_dev;
37 struct dm_dev *hash_dev;
38 struct dm_target *ti;
39 struct dm_bufio_client *bufio;
40 char *alg_name;
41 struct crypto_shash *tfm;
42 u8 *root_digest; /* digest of the root block */
43 u8 *salt; /* salt: its size is salt_size */
44 unsigned salt_size;
45 sector_t data_start; /* data offset in 512-byte sectors */
46 sector_t hash_start; /* hash start in blocks */
47 sector_t data_blocks; /* the number of data blocks */
48 sector_t hash_blocks; /* the number of hash blocks */
49 unsigned char data_dev_block_bits; /* log2(data blocksize) */
50 unsigned char hash_dev_block_bits; /* log2(hash blocksize) */
51 unsigned char hash_per_block_bits; /* log2(hashes in hash block) */
52 unsigned char levels; /* the number of tree levels */
53 unsigned char version;
54 unsigned digest_size; /* digest size for the current hash algorithm */
55 unsigned shash_descsize;/* the size of temporary space for crypto */
56 int hash_failed; /* set to 1 if hash of any block failed */
57
58 mempool_t *vec_mempool; /* mempool of bio vector */
59
60 struct workqueue_struct *verify_wq;
61
62 /* starting blocks for each tree level. 0 is the lowest level. */
63 sector_t hash_level_block[DM_VERITY_MAX_LEVELS];
64};
65
66struct dm_verity_io {
67 struct dm_verity *v;
68
69 /* original values of bio->bi_end_io and bio->bi_private */
70 bio_end_io_t *orig_bi_end_io;
71 void *orig_bi_private;
72
73 sector_t block;
74 unsigned n_blocks;
75
76 struct bvec_iter iter;
77
78 struct work_struct work;
79
80 /*
81 * Three variably-size fields follow this struct:
82 *
83 * u8 hash_desc[v->shash_descsize];
84 * u8 real_digest[v->digest_size];
85 * u8 want_digest[v->digest_size];
86 *
87 * To access them use: io_hash_desc(), io_real_digest() and io_want_digest().
88 */
89};
90
91struct dm_verity_prefetch_work {
92 struct work_struct work;
93 struct dm_verity *v;
94 sector_t block;
95 unsigned n_blocks;
96};
97
98static struct shash_desc *io_hash_desc(struct dm_verity *v, struct dm_verity_io *io)
99{
100 return (struct shash_desc *)(io + 1);
101}
102
103static u8 *io_real_digest(struct dm_verity *v, struct dm_verity_io *io)
104{
105 return (u8 *)(io + 1) + v->shash_descsize;
106}
107
108static u8 *io_want_digest(struct dm_verity *v, struct dm_verity_io *io)
109{
110 return (u8 *)(io + 1) + v->shash_descsize + v->digest_size;
111}
112
113/*
114 * Auxiliary structure appended to each dm-bufio buffer. If the value
115 * hash_verified is nonzero, hash of the block has been verified.
116 *
117 * The variable hash_verified is set to 0 when allocating the buffer, then
118 * it can be changed to 1 and it is never reset to 0 again.
119 *
120 * There is no lock around this value, a race condition can at worst cause
121 * that multiple processes verify the hash of the same buffer simultaneously
122 * and write 1 to hash_verified simultaneously.
123 * This condition is harmless, so we don't need locking.
124 */
125struct buffer_aux {
126 int hash_verified;
127};
128
129/*
130 * Initialize struct buffer_aux for a freshly created buffer.
131 */
132static void dm_bufio_alloc_callback(struct dm_buffer *buf)
133{
134 struct buffer_aux *aux = dm_bufio_get_aux_data(buf);
135
136 aux->hash_verified = 0;
137}
138
139/*
140 * Translate input sector number to the sector number on the target device.
141 */
142static sector_t verity_map_sector(struct dm_verity *v, sector_t bi_sector)
143{
144 return v->data_start + dm_target_offset(v->ti, bi_sector);
145}
146
147/*
148 * Return hash position of a specified block at a specified tree level
149 * (0 is the lowest level).
150 * The lowest "hash_per_block_bits"-bits of the result denote hash position
151 * inside a hash block. The remaining bits denote location of the hash block.
152 */
153static sector_t verity_position_at_level(struct dm_verity *v, sector_t block,
154 int level)
155{
156 return block >> (level * v->hash_per_block_bits);
157}
158
159static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level,
160 sector_t *hash_block, unsigned *offset)
161{
162 sector_t position = verity_position_at_level(v, block, level);
163 unsigned idx;
164
165 *hash_block = v->hash_level_block[level] + (position >> v->hash_per_block_bits);
166
167 if (!offset)
168 return;
169
170 idx = position & ((1 << v->hash_per_block_bits) - 1);
171 if (!v->version)
172 *offset = idx * v->digest_size;
173 else
174 *offset = idx << (v->hash_dev_block_bits - v->hash_per_block_bits);
175}
176
177/*
178 * Verify hash of a metadata block pertaining to the specified data block
179 * ("block" argument) at a specified level ("level" argument).
180 *
181 * On successful return, io_want_digest(v, io) contains the hash value for
182 * a lower tree level or for the data block (if we're at the lowest leve).
183 *
184 * If "skip_unverified" is true, unverified buffer is skipped and 1 is returned.
185 * If "skip_unverified" is false, unverified buffer is hashed and verified
186 * against current value of io_want_digest(v, io).
187 */
188static int verity_verify_level(struct dm_verity_io *io, sector_t block,
189 int level, bool skip_unverified)
190{
191 struct dm_verity *v = io->v;
192 struct dm_buffer *buf;
193 struct buffer_aux *aux;
194 u8 *data;
195 int r;
196 sector_t hash_block;
197 unsigned offset;
198
199 verity_hash_at_level(v, block, level, &hash_block, &offset);
200
201 data = dm_bufio_read(v->bufio, hash_block, &buf);
202 if (unlikely(IS_ERR(data)))
203 return PTR_ERR(data);
204
205 aux = dm_bufio_get_aux_data(buf);
206
207 if (!aux->hash_verified) {
208 struct shash_desc *desc;
209 u8 *result;
210
211 if (skip_unverified) {
212 r = 1;
213 goto release_ret_r;
214 }
215
216 desc = io_hash_desc(v, io);
217 desc->tfm = v->tfm;
218 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
219 r = crypto_shash_init(desc);
220 if (r < 0) {
221 DMERR("crypto_shash_init failed: %d", r);
222 goto release_ret_r;
223 }
224
225 if (likely(v->version >= 1)) {
226 r = crypto_shash_update(desc, v->salt, v->salt_size);
227 if (r < 0) {
228 DMERR("crypto_shash_update failed: %d", r);
229 goto release_ret_r;
230 }
231 }
232
233 r = crypto_shash_update(desc, data, 1 << v->hash_dev_block_bits);
234 if (r < 0) {
235 DMERR("crypto_shash_update failed: %d", r);
236 goto release_ret_r;
237 }
238
239 if (!v->version) {
240 r = crypto_shash_update(desc, v->salt, v->salt_size);
241 if (r < 0) {
242 DMERR("crypto_shash_update failed: %d", r);
243 goto release_ret_r;
244 }
245 }
246
247 result = io_real_digest(v, io);
248 r = crypto_shash_final(desc, result);
249 if (r < 0) {
250 DMERR("crypto_shash_final failed: %d", r);
251 goto release_ret_r;
252 }
253 if (unlikely(memcmp(result, io_want_digest(v, io), v->digest_size))) {
254 DMERR_LIMIT("metadata block %llu is corrupted",
255 (unsigned long long)hash_block);
256 v->hash_failed = 1;
257 r = -EIO;
258 goto release_ret_r;
259 } else
260 aux->hash_verified = 1;
261 }
262
263 data += offset;
264
265 memcpy(io_want_digest(v, io), data, v->digest_size);
266
267 dm_bufio_release(buf);
268 return 0;
269
270release_ret_r:
271 dm_bufio_release(buf);
272
273 return r;
274}
275
276/*
277 * Verify one "dm_verity_io" structure.
278 */
279static int verity_verify_io(struct dm_verity_io *io)
280{
281 struct dm_verity *v = io->v;
282 struct bio *bio = dm_bio_from_per_bio_data(io,
283 v->ti->per_bio_data_size);
284 unsigned b;
285 int i;
286
287 for (b = 0; b < io->n_blocks; b++) {
288 struct shash_desc *desc;
289 u8 *result;
290 int r;
291 unsigned todo;
292
293 if (likely(v->levels)) {
294 /*
295 * First, we try to get the requested hash for
296 * the current block. If the hash block itself is
297 * verified, zero is returned. If it isn't, this
298 * function returns 0 and we fall back to whole
299 * chain verification.
300 */
301 int r = verity_verify_level(io, io->block + b, 0, true);
302 if (likely(!r))
303 goto test_block_hash;
304 if (r < 0)
305 return r;
306 }
307
308 memcpy(io_want_digest(v, io), v->root_digest, v->digest_size);
309
310 for (i = v->levels - 1; i >= 0; i--) {
311 int r = verity_verify_level(io, io->block + b, i, false);
312 if (unlikely(r))
313 return r;
314 }
315
316test_block_hash:
317 desc = io_hash_desc(v, io);
318 desc->tfm = v->tfm;
319 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
320 r = crypto_shash_init(desc);
321 if (r < 0) {
322 DMERR("crypto_shash_init failed: %d", r);
323 return r;
324 }
325
326 if (likely(v->version >= 1)) {
327 r = crypto_shash_update(desc, v->salt, v->salt_size);
328 if (r < 0) {
329 DMERR("crypto_shash_update failed: %d", r);
330 return r;
331 }
332 }
333 todo = 1 << v->data_dev_block_bits;
334 do {
335 u8 *page;
336 unsigned len;
337 struct bio_vec bv = bio_iter_iovec(bio, io->iter);
338
339 page = kmap_atomic(bv.bv_page);
340 len = bv.bv_len;
341 if (likely(len >= todo))
342 len = todo;
343 r = crypto_shash_update(desc, page + bv.bv_offset, len);
344 kunmap_atomic(page);
345
346 if (r < 0) {
347 DMERR("crypto_shash_update failed: %d", r);
348 return r;
349 }
350
351 bio_advance_iter(bio, &io->iter, len);
352 todo -= len;
353 } while (todo);
354
355 if (!v->version) {
356 r = crypto_shash_update(desc, v->salt, v->salt_size);
357 if (r < 0) {
358 DMERR("crypto_shash_update failed: %d", r);
359 return r;
360 }
361 }
362
363 result = io_real_digest(v, io);
364 r = crypto_shash_final(desc, result);
365 if (r < 0) {
366 DMERR("crypto_shash_final failed: %d", r);
367 return r;
368 }
369 if (unlikely(memcmp(result, io_want_digest(v, io), v->digest_size))) {
370 DMERR_LIMIT("data block %llu is corrupted",
371 (unsigned long long)(io->block + b));
372 v->hash_failed = 1;
373 return -EIO;
374 }
375 }
376
377 return 0;
378}
379
380/*
381 * End one "io" structure with a given error.
382 */
383static void verity_finish_io(struct dm_verity_io *io, int error)
384{
385 struct dm_verity *v = io->v;
386 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_bio_data_size);
387
388 bio->bi_end_io = io->orig_bi_end_io;
389 bio->bi_private = io->orig_bi_private;
390
391 bio_endio_nodec(bio, error);
392}
393
394static void verity_work(struct work_struct *w)
395{
396 struct dm_verity_io *io = container_of(w, struct dm_verity_io, work);
397
398 verity_finish_io(io, verity_verify_io(io));
399}
400
401static void verity_end_io(struct bio *bio, int error)
402{
403 struct dm_verity_io *io = bio->bi_private;
404
405 if (error) {
406 verity_finish_io(io, error);
407 return;
408 }
409
410 INIT_WORK(&io->work, verity_work);
411 queue_work(io->v->verify_wq, &io->work);
412}
413
414/*
415 * Prefetch buffers for the specified io.
416 * The root buffer is not prefetched, it is assumed that it will be cached
417 * all the time.
418 */
419static void verity_prefetch_io(struct work_struct *work)
420{
421 struct dm_verity_prefetch_work *pw =
422 container_of(work, struct dm_verity_prefetch_work, work);
423 struct dm_verity *v = pw->v;
424 int i;
425
426 for (i = v->levels - 2; i >= 0; i--) {
427 sector_t hash_block_start;
428 sector_t hash_block_end;
429 verity_hash_at_level(v, pw->block, i, &hash_block_start, NULL);
430 verity_hash_at_level(v, pw->block + pw->n_blocks - 1, i, &hash_block_end, NULL);
431 if (!i) {
432 unsigned cluster = ACCESS_ONCE(dm_verity_prefetch_cluster);
433
434 cluster >>= v->data_dev_block_bits;
435 if (unlikely(!cluster))
436 goto no_prefetch_cluster;
437
438 if (unlikely(cluster & (cluster - 1)))
439 cluster = 1 << __fls(cluster);
440
441 hash_block_start &= ~(sector_t)(cluster - 1);
442 hash_block_end |= cluster - 1;
443 if (unlikely(hash_block_end >= v->hash_blocks))
444 hash_block_end = v->hash_blocks - 1;
445 }
446no_prefetch_cluster:
447 dm_bufio_prefetch(v->bufio, hash_block_start,
448 hash_block_end - hash_block_start + 1);
449 }
450
451 kfree(pw);
452}
453
454static void verity_submit_prefetch(struct dm_verity *v, struct dm_verity_io *io)
455{
456 struct dm_verity_prefetch_work *pw;
457
458 pw = kmalloc(sizeof(struct dm_verity_prefetch_work),
459 GFP_NOIO | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN);
460
461 if (!pw)
462 return;
463
464 INIT_WORK(&pw->work, verity_prefetch_io);
465 pw->v = v;
466 pw->block = io->block;
467 pw->n_blocks = io->n_blocks;
468 queue_work(v->verify_wq, &pw->work);
469}
470
471/*
472 * Bio map function. It allocates dm_verity_io structure and bio vector and
473 * fills them. Then it issues prefetches and the I/O.
474 */
475static int verity_map(struct dm_target *ti, struct bio *bio)
476{
477 struct dm_verity *v = ti->private;
478 struct dm_verity_io *io;
479
480 bio->bi_bdev = v->data_dev->bdev;
481 bio->bi_iter.bi_sector = verity_map_sector(v, bio->bi_iter.bi_sector);
482
483 if (((unsigned)bio->bi_iter.bi_sector | bio_sectors(bio)) &
484 ((1 << (v->data_dev_block_bits - SECTOR_SHIFT)) - 1)) {
485 DMERR_LIMIT("unaligned io");
486 return -EIO;
487 }
488
489 if (bio_end_sector(bio) >>
490 (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) {
491 DMERR_LIMIT("io out of range");
492 return -EIO;
493 }
494
495 if (bio_data_dir(bio) == WRITE)
496 return -EIO;
497
498 io = dm_per_bio_data(bio, ti->per_bio_data_size);
499 io->v = v;
500 io->orig_bi_end_io = bio->bi_end_io;
501 io->orig_bi_private = bio->bi_private;
502 io->block = bio->bi_iter.bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT);
503 io->n_blocks = bio->bi_iter.bi_size >> v->data_dev_block_bits;
504
505 bio->bi_end_io = verity_end_io;
506 bio->bi_private = io;
507 io->iter = bio->bi_iter;
508
509 verity_submit_prefetch(v, io);
510
511 generic_make_request(bio);
512
513 return DM_MAPIO_SUBMITTED;
514}
515
516/*
517 * Status: V (valid) or C (corruption found)
518 */
519static void verity_status(struct dm_target *ti, status_type_t type,
520 unsigned status_flags, char *result, unsigned maxlen)
521{
522 struct dm_verity *v = ti->private;
523 unsigned sz = 0;
524 unsigned x;
525
526 switch (type) {
527 case STATUSTYPE_INFO:
528 DMEMIT("%c", v->hash_failed ? 'C' : 'V');
529 break;
530 case STATUSTYPE_TABLE:
531 DMEMIT("%u %s %s %u %u %llu %llu %s ",
532 v->version,
533 v->data_dev->name,
534 v->hash_dev->name,
535 1 << v->data_dev_block_bits,
536 1 << v->hash_dev_block_bits,
537 (unsigned long long)v->data_blocks,
538 (unsigned long long)v->hash_start,
539 v->alg_name
540 );
541 for (x = 0; x < v->digest_size; x++)
542 DMEMIT("%02x", v->root_digest[x]);
543 DMEMIT(" ");
544 if (!v->salt_size)
545 DMEMIT("-");
546 else
547 for (x = 0; x < v->salt_size; x++)
548 DMEMIT("%02x", v->salt[x]);
549 break;
550 }
551}
552
553static int verity_ioctl(struct dm_target *ti, unsigned cmd,
554 unsigned long arg)
555{
556 struct dm_verity *v = ti->private;
557 int r = 0;
558
559 if (v->data_start ||
560 ti->len != i_size_read(v->data_dev->bdev->bd_inode) >> SECTOR_SHIFT)
561 r = scsi_verify_blk_ioctl(NULL, cmd);
562
563 return r ? : __blkdev_driver_ioctl(v->data_dev->bdev, v->data_dev->mode,
564 cmd, arg);
565}
566
567static int verity_merge(struct dm_target *ti, struct bvec_merge_data *bvm,
568 struct bio_vec *biovec, int max_size)
569{
570 struct dm_verity *v = ti->private;
571 struct request_queue *q = bdev_get_queue(v->data_dev->bdev);
572
573 if (!q->merge_bvec_fn)
574 return max_size;
575
576 bvm->bi_bdev = v->data_dev->bdev;
577 bvm->bi_sector = verity_map_sector(v, bvm->bi_sector);
578
579 return min(max_size, q->merge_bvec_fn(q, bvm, biovec));
580}
581
582static int verity_iterate_devices(struct dm_target *ti,
583 iterate_devices_callout_fn fn, void *data)
584{
585 struct dm_verity *v = ti->private;
586
587 return fn(ti, v->data_dev, v->data_start, ti->len, data);
588}
589
590static void verity_io_hints(struct dm_target *ti, struct queue_limits *limits)
591{
592 struct dm_verity *v = ti->private;
593
594 if (limits->logical_block_size < 1 << v->data_dev_block_bits)
595 limits->logical_block_size = 1 << v->data_dev_block_bits;
596
597 if (limits->physical_block_size < 1 << v->data_dev_block_bits)
598 limits->physical_block_size = 1 << v->data_dev_block_bits;
599
600 blk_limits_io_min(limits, limits->logical_block_size);
601}
602
603static void verity_dtr(struct dm_target *ti)
604{
605 struct dm_verity *v = ti->private;
606
607 if (v->verify_wq)
608 destroy_workqueue(v->verify_wq);
609
610 if (v->vec_mempool)
611 mempool_destroy(v->vec_mempool);
612
613 if (v->bufio)
614 dm_bufio_client_destroy(v->bufio);
615
616 kfree(v->salt);
617 kfree(v->root_digest);
618
619 if (v->tfm)
620 crypto_free_shash(v->tfm);
621
622 kfree(v->alg_name);
623
624 if (v->hash_dev)
625 dm_put_device(ti, v->hash_dev);
626
627 if (v->data_dev)
628 dm_put_device(ti, v->data_dev);
629
630 kfree(v);
631}
632
633/*
634 * Target parameters:
635 * <version> The current format is version 1.
636 * Vsn 0 is compatible with original Chromium OS releases.
637 * <data device>
638 * <hash device>
639 * <data block size>
640 * <hash block size>
641 * <the number of data blocks>
642 * <hash start block>
643 * <algorithm>
644 * <digest>
645 * <salt> Hex string or "-" if no salt.
646 */
647static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
648{
649 struct dm_verity *v;
650 unsigned num;
651 unsigned long long num_ll;
652 int r;
653 int i;
654 sector_t hash_position;
655 char dummy;
656
657 v = kzalloc(sizeof(struct dm_verity), GFP_KERNEL);
658 if (!v) {
659 ti->error = "Cannot allocate verity structure";
660 return -ENOMEM;
661 }
662 ti->private = v;
663 v->ti = ti;
664
665 if ((dm_table_get_mode(ti->table) & ~FMODE_READ)) {
666 ti->error = "Device must be readonly";
667 r = -EINVAL;
668 goto bad;
669 }
670
671 if (argc != 10) {
672 ti->error = "Invalid argument count: exactly 10 arguments required";
673 r = -EINVAL;
674 goto bad;
675 }
676
677 if (sscanf(argv[0], "%u%c", &num, &dummy) != 1 ||
678 num > 1) {
679 ti->error = "Invalid version";
680 r = -EINVAL;
681 goto bad;
682 }
683 v->version = num;
684
685 r = dm_get_device(ti, argv[1], FMODE_READ, &v->data_dev);
686 if (r) {
687 ti->error = "Data device lookup failed";
688 goto bad;
689 }
690
691 r = dm_get_device(ti, argv[2], FMODE_READ, &v->hash_dev);
692 if (r) {
693 ti->error = "Data device lookup failed";
694 goto bad;
695 }
696
697 if (sscanf(argv[3], "%u%c", &num, &dummy) != 1 ||
698 !num || (num & (num - 1)) ||
699 num < bdev_logical_block_size(v->data_dev->bdev) ||
700 num > PAGE_SIZE) {
701 ti->error = "Invalid data device block size";
702 r = -EINVAL;
703 goto bad;
704 }
705 v->data_dev_block_bits = __ffs(num);
706
707 if (sscanf(argv[4], "%u%c", &num, &dummy) != 1 ||
708 !num || (num & (num - 1)) ||
709 num < bdev_logical_block_size(v->hash_dev->bdev) ||
710 num > INT_MAX) {
711 ti->error = "Invalid hash device block size";
712 r = -EINVAL;
713 goto bad;
714 }
715 v->hash_dev_block_bits = __ffs(num);
716
717 if (sscanf(argv[5], "%llu%c", &num_ll, &dummy) != 1 ||
718 (sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT))
719 >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll) {
720 ti->error = "Invalid data blocks";
721 r = -EINVAL;
722 goto bad;
723 }
724 v->data_blocks = num_ll;
725
726 if (ti->len > (v->data_blocks << (v->data_dev_block_bits - SECTOR_SHIFT))) {
727 ti->error = "Data device is too small";
728 r = -EINVAL;
729 goto bad;
730 }
731
732 if (sscanf(argv[6], "%llu%c", &num_ll, &dummy) != 1 ||
733 (sector_t)(num_ll << (v->hash_dev_block_bits - SECTOR_SHIFT))
734 >> (v->hash_dev_block_bits - SECTOR_SHIFT) != num_ll) {
735 ti->error = "Invalid hash start";
736 r = -EINVAL;
737 goto bad;
738 }
739 v->hash_start = num_ll;
740
741 v->alg_name = kstrdup(argv[7], GFP_KERNEL);
742 if (!v->alg_name) {
743 ti->error = "Cannot allocate algorithm name";
744 r = -ENOMEM;
745 goto bad;
746 }
747
748 v->tfm = crypto_alloc_shash(v->alg_name, 0, 0);
749 if (IS_ERR(v->tfm)) {
750 ti->error = "Cannot initialize hash function";
751 r = PTR_ERR(v->tfm);
752 v->tfm = NULL;
753 goto bad;
754 }
755 v->digest_size = crypto_shash_digestsize(v->tfm);
756 if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) {
757 ti->error = "Digest size too big";
758 r = -EINVAL;
759 goto bad;
760 }
761 v->shash_descsize =
762 sizeof(struct shash_desc) + crypto_shash_descsize(v->tfm);
763
764 v->root_digest = kmalloc(v->digest_size, GFP_KERNEL);
765 if (!v->root_digest) {
766 ti->error = "Cannot allocate root digest";
767 r = -ENOMEM;
768 goto bad;
769 }
770 if (strlen(argv[8]) != v->digest_size * 2 ||
771 hex2bin(v->root_digest, argv[8], v->digest_size)) {
772 ti->error = "Invalid root digest";
773 r = -EINVAL;
774 goto bad;
775 }
776
777 if (strcmp(argv[9], "-")) {
778 v->salt_size = strlen(argv[9]) / 2;
779 v->salt = kmalloc(v->salt_size, GFP_KERNEL);
780 if (!v->salt) {
781 ti->error = "Cannot allocate salt";
782 r = -ENOMEM;
783 goto bad;
784 }
785 if (strlen(argv[9]) != v->salt_size * 2 ||
786 hex2bin(v->salt, argv[9], v->salt_size)) {
787 ti->error = "Invalid salt";
788 r = -EINVAL;
789 goto bad;
790 }
791 }
792
793 v->hash_per_block_bits =
794 __fls((1 << v->hash_dev_block_bits) / v->digest_size);
795
796 v->levels = 0;
797 if (v->data_blocks)
798 while (v->hash_per_block_bits * v->levels < 64 &&
799 (unsigned long long)(v->data_blocks - 1) >>
800 (v->hash_per_block_bits * v->levels))
801 v->levels++;
802
803 if (v->levels > DM_VERITY_MAX_LEVELS) {
804 ti->error = "Too many tree levels";
805 r = -E2BIG;
806 goto bad;
807 }
808
809 hash_position = v->hash_start;
810 for (i = v->levels - 1; i >= 0; i--) {
811 sector_t s;
812 v->hash_level_block[i] = hash_position;
813 s = (v->data_blocks + ((sector_t)1 << ((i + 1) * v->hash_per_block_bits)) - 1)
814 >> ((i + 1) * v->hash_per_block_bits);
815 if (hash_position + s < hash_position) {
816 ti->error = "Hash device offset overflow";
817 r = -E2BIG;
818 goto bad;
819 }
820 hash_position += s;
821 }
822 v->hash_blocks = hash_position;
823
824 v->bufio = dm_bufio_client_create(v->hash_dev->bdev,
825 1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux),
826 dm_bufio_alloc_callback, NULL);
827 if (IS_ERR(v->bufio)) {
828 ti->error = "Cannot initialize dm-bufio";
829 r = PTR_ERR(v->bufio);
830 v->bufio = NULL;
831 goto bad;
832 }
833
834 if (dm_bufio_get_device_size(v->bufio) < v->hash_blocks) {
835 ti->error = "Hash device is too small";
836 r = -E2BIG;
837 goto bad;
838 }
839
840 ti->per_bio_data_size = roundup(sizeof(struct dm_verity_io) + v->shash_descsize + v->digest_size * 2, __alignof__(struct dm_verity_io));
841
842 v->vec_mempool = mempool_create_kmalloc_pool(DM_VERITY_MEMPOOL_SIZE,
843 BIO_MAX_PAGES * sizeof(struct bio_vec));
844 if (!v->vec_mempool) {
845 ti->error = "Cannot allocate vector mempool";
846 r = -ENOMEM;
847 goto bad;
848 }
849
850 /* WQ_UNBOUND greatly improves performance when running on ramdisk */
851 v->verify_wq = alloc_workqueue("kverityd", WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM | WQ_UNBOUND, num_online_cpus());
852 if (!v->verify_wq) {
853 ti->error = "Cannot allocate workqueue";
854 r = -ENOMEM;
855 goto bad;
856 }
857
858 return 0;
859
860bad:
861 verity_dtr(ti);
862
863 return r;
864}
865
866static struct target_type verity_target = {
867 .name = "verity",
868 .version = {1, 2, 0},
869 .module = THIS_MODULE,
870 .ctr = verity_ctr,
871 .dtr = verity_dtr,
872 .map = verity_map,
873 .status = verity_status,
874 .ioctl = verity_ioctl,
875 .merge = verity_merge,
876 .iterate_devices = verity_iterate_devices,
877 .io_hints = verity_io_hints,
878};
879
880static int __init dm_verity_init(void)
881{
882 int r;
883
884 r = dm_register_target(&verity_target);
885 if (r < 0)
886 DMERR("register failed %d", r);
887
888 return r;
889}
890
891static void __exit dm_verity_exit(void)
892{
893 dm_unregister_target(&verity_target);
894}
895
896module_init(dm_verity_init);
897module_exit(dm_verity_exit);
898
899MODULE_AUTHOR("Mikulas Patocka <mpatocka@redhat.com>");
900MODULE_AUTHOR("Mandeep Baines <msb@chromium.org>");
901MODULE_AUTHOR("Will Drewry <wad@chromium.org>");
902MODULE_DESCRIPTION(DM_NAME " target for transparent disk integrity checking");
903MODULE_LICENSE("GPL");